| --- misc/xmlsec1-1.2.14/include/xmlsec/mscrypto/Makefile.am 2009-06-25 22:53:18.000000000 +0200 |
| +++ misc/build/xmlsec1-1.2.14/include/xmlsec/mscrypto/Makefile.am 2009-09-21 14:02:48.563253008 +0200 |
| @@ -3,6 +3,7 @@ |
| xmlsecmscryptoincdir = $(includedir)/xmlsec1/xmlsec/mscrypto |
| |
| xmlsecmscryptoinc_HEADERS = \ |
| +akmngr.h \ |
| app.h \ |
| certkeys.h \ |
| crypto.h \ |
| --- misc/xmlsec1-1.2.14/include/xmlsec/mscrypto/Makefile.in 2009-06-25 22:53:30.000000000 +0200 |
| +++ misc/build/xmlsec1-1.2.14/include/xmlsec/mscrypto/Makefile.in 2009-09-21 14:02:48.571021349 +0200 |
| @@ -281,6 +281,7 @@ |
| NULL = |
| xmlsecmscryptoincdir = $(includedir)/xmlsec1/xmlsec/mscrypto |
| xmlsecmscryptoinc_HEADERS = \ |
| +akmngr.h \ |
| app.h \ |
| certkeys.h \ |
| crypto.h \ |
| --- misc/xmlsec1-1.2.14/include/xmlsec/mscrypto/akmngr.h 2009-09-21 14:07:19.052318336 +0200 |
| +++ misc/build/xmlsec1-1.2.14/include/xmlsec/mscrypto/akmngr.h 2009-09-21 14:02:48.504966762 +0200 |
| @@ -1 +1,71 @@ |
| -dummy |
| +/** |
| + * XMLSec library |
| + * |
| + * This is free software; see Copyright file in the source |
| + * distribution for preciese wording. |
| + * |
| + * Copyright .......................... |
| + */ |
| +#ifndef __XMLSEC_MSCRYPTO_AKMNGR_H__ |
| +#define __XMLSEC_MSCRYPTO_AKMNGR_H__ |
| + |
| +#include <windows.h> |
| +#include <wincrypt.h> |
| + |
| +#include <xmlsec/xmlsec.h> |
| +#include <xmlsec/keys.h> |
| +#include <xmlsec/transforms.h> |
| + |
| +#ifdef __cplusplus |
| +extern "C" { |
| +#endif /* __cplusplus */ |
| + |
| +XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr |
| +xmlSecMSCryptoAppliedKeysMngrCreate( |
| + HCERTSTORE keyStore , |
| + HCERTSTORE certStore |
| +) ; |
| + |
| +XMLSEC_CRYPTO_EXPORT int |
| +xmlSecMSCryptoAppliedKeysMngrSymKeyLoad( |
| + xmlSecKeysMngrPtr mngr , |
| + HCRYPTKEY symKey |
| +) ; |
| + |
| +XMLSEC_CRYPTO_EXPORT int |
| +xmlSecMSCryptoAppliedKeysMngrPubKeyLoad( |
| + xmlSecKeysMngrPtr mngr , |
| + HCRYPTKEY pubKey |
| +) ; |
| + |
| +XMLSEC_CRYPTO_EXPORT int |
| +xmlSecMSCryptoAppliedKeysMngrPriKeyLoad( |
| + xmlSecKeysMngrPtr mngr , |
| + HCRYPTKEY priKey |
| +) ; |
| + |
| +XMLSEC_CRYPTO_EXPORT int |
| +xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore ( |
| + xmlSecKeysMngrPtr mngr , |
| + HCERTSTORE keyStore |
| +) ; |
| + |
| +XMLSEC_CRYPTO_EXPORT int |
| +xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore ( |
| + xmlSecKeysMngrPtr mngr , |
| + HCERTSTORE trustedStore |
| +) ; |
| + |
| +XMLSEC_CRYPTO_EXPORT int |
| +xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore ( |
| + xmlSecKeysMngrPtr mngr , |
| + HCERTSTORE untrustedStore |
| +) ; |
| + |
| +#ifdef __cplusplus |
| +} |
| +#endif /* __cplusplus */ |
| + |
| +#endif /* __XMLSEC_MSCRYPTO_AKMNGR_H__ */ |
| + |
| + |
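Review bot: The three `xmlSecMSCryptoAppliedKeysMngrAdopt*Store` prototypes do not say whether the keys manager takes over the `HCERTSTORE` handle, and a caller will read "Adopt" as "do not call CertCloseStore on it afterwards" — if the X509 store does not actually close the handle (its implementation is not in this patch), the handle is leaked or, worse, closed twice. State the rule on each declaration, e.g. `/* On success the manager owns keyStore and closes it; on -1 the caller still owns it. */`, adjusted to what `xmlSecMSCryptoX509StoreAdoptKeyStore` really does. The `*KeyLoad` prototypes deserve a note as well, since their definitions in src/mscrypto/akmngr.c in this same patch are empty TODO stubs.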
| --- misc/xmlsec1-1.2.14/include/xmlsec/nss/Makefile.am 2009-06-25 22:53:18.000000000 +0200 |
| +++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/Makefile.am 2009-09-21 14:02:48.577933031 +0200 |
| @@ -10,6 +10,9 @@ |
| keysstore.h \ |
| pkikeys.h \ |
| x509.h \ |
| +akmngr.h \ |
| +tokens.h \ |
| +ciphers.h \ |
| $(NULL) |
| |
| install-exec-hook: |
| --- misc/xmlsec1-1.2.14/include/xmlsec/nss/Makefile.in 2009-06-25 22:53:31.000000000 +0200 |
| +++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/Makefile.in 2009-09-21 14:02:48.585376325 +0200 |
| @@ -288,6 +288,9 @@ |
| keysstore.h \ |
| pkikeys.h \ |
| x509.h \ |
| +akmngr.h \ |
| +tokens.h \ |
| +ciphers.h \ |
| $(NULL) |
| |
| all: all-am |
| --- misc/xmlsec1-1.2.14/include/xmlsec/nss/akmngr.h 2009-09-21 14:07:19.105517659 +0200 |
| +++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/akmngr.h 2009-09-21 14:02:48.510978278 +0200 |
| @@ -1 +1,56 @@ |
| -dummy |
| +/** |
| + * XMLSec library |
| + * |
| + * This is free software; see Copyright file in the source |
| + * distribution for preciese wording. |
| + * |
| + * Copyright .......................... |
| + */ |
| +#ifndef __XMLSEC_NSS_AKMNGR_H__ |
| +#define __XMLSEC_NSS_AKMNGR_H__ |
| + |
| +#include <nss.h> |
| +#include <nspr.h> |
| +#include <pk11func.h> |
| +#include <cert.h> |
| + |
| +#include <xmlsec/xmlsec.h> |
| +#include <xmlsec/keys.h> |
| +#include <xmlsec/transforms.h> |
| + |
| +#ifdef __cplusplus |
| +extern "C" { |
| +#endif /* __cplusplus */ |
| + |
| +XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr |
| +xmlSecNssAppliedKeysMngrCreate( |
| + PK11SlotInfo** slots, |
| + int cSlots, |
| + CERTCertDBHandle* handler |
| +) ; |
| + |
| +XMLSEC_CRYPTO_EXPORT int |
| +xmlSecNssAppliedKeysMngrSymKeyLoad( |
| + xmlSecKeysMngrPtr mngr , |
| + PK11SymKey* symKey |
| +) ; |
| + |
| +XMLSEC_CRYPTO_EXPORT int |
| +xmlSecNssAppliedKeysMngrPubKeyLoad( |
| + xmlSecKeysMngrPtr mngr , |
| + SECKEYPublicKey* pubKey |
| +) ; |
| + |
| +XMLSEC_CRYPTO_EXPORT int |
| +xmlSecNssAppliedKeysMngrPriKeyLoad( |
| + xmlSecKeysMngrPtr mngr , |
| + SECKEYPrivateKey* priKey |
| +) ; |
| + |
| +#ifdef __cplusplus |
| +} |
| +#endif /* __cplusplus */ |
| + |
| +#endif /* __XMLSEC_NSS_AKMNGR_H__ */ |
| + |
| + |
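Review bot: `xmlSecNssAppliedKeysMngrCreate` declares a `CERTCertDBHandle* handler` parameter that the accompanying definition in src/nss/akmngr.c never reads — the only code that would use it is commented out with a remark that the default certificate DB is used instead — so a caller who supplies a dedicated database silently gets the default one, which changes which certificates are trusted. Either document that on the prototype, e.g. `/* handler: currently ignored, the NSS default certificate DB is used */`, or return NULL when a non-NULL handler is passed until it is honoured. `cSlots` is a plain `int`; a negative count is treated as zero by the loop in the definition, which is worth stating or guarding with an assert.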
| --- misc/xmlsec1-1.2.14/include/xmlsec/nss/app.h 2009-06-25 22:53:18.000000000 +0200 |
| +++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/app.h 2009-09-21 14:02:48.612847068 +0200 |
| @@ -22,6 +22,9 @@ |
| #include <xmlsec/keysmngr.h> |
| #include <xmlsec/transforms.h> |
| |
| +#include <xmlsec/nss/tokens.h> |
| +#include <xmlsec/nss/akmngr.h> |
| + |
| /** |
| * Init/shutdown |
| */ |
| @@ -36,6 +39,8 @@ |
| xmlSecKeyPtr key); |
| XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrLoad (xmlSecKeysMngrPtr mngr, |
| const char* uri); |
| +XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKeySlot(xmlSecKeysMngrPtr mngr, |
| + xmlSecNssKeySlotPtr keySlot); |
| XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrSave (xmlSecKeysMngrPtr mngr, |
| const char* filename, |
| xmlSecKeyDataType type); |
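Review bot: `xmlSecNssAppDefaultKeysMngrAdoptKeySlot` is added without a comment on who owns `keySlot` after the call; for the other xmlSec Adopt functions the object belongs to the manager on success and to the caller on -1, and the caller in src/nss/akmngr.c in this patch does destroy the slot after a failed adopt, so that is presumably the contract here too. A one-line comment on the prototype would fix it: `/* On success mngr owns keySlot and destroys it; on -1 the caller must still destroy it. */`. The same applies to `xmlSecNssKeysStoreAdoptKeySlot` in include/xmlsec/nss/keysstore.h.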
| --- misc/xmlsec1-1.2.14/include/xmlsec/nss/ciphers.h 2009-09-21 14:07:19.146496548 +0200 |
| +++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/ciphers.h 2009-09-21 14:02:48.516689712 +0200 |
| @@ -1 +1,35 @@ |
| -dummy |
| +/** |
| + * XMLSec library |
| + * |
| + * This is free software; see Copyright file in the source |
| + * distribution for preciese wording. |
| + * |
| + * Copyright .......................... |
| + */ |
| +#ifndef __XMLSEC_NSS_CIPHERS_H__ |
| +#define __XMLSEC_NSS_CIPHERS_H__ |
| + |
| +#ifdef __cplusplus |
| +extern "C" { |
| +#endif /* __cplusplus */ |
| + |
| +#include <xmlsec/xmlsec.h> |
| +#include <xmlsec/keys.h> |
| +#include <xmlsec/transforms.h> |
| + |
| + |
| +XMLSEC_CRYPTO_EXPORT int xmlSecNssSymKeyDataAdoptKey( xmlSecKeyDataPtr data, |
| + PK11SymKey* symkey ) ; |
| + |
| +XMLSEC_CRYPTO_EXPORT xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt( PK11SymKey* symKey ) ; |
| + |
| +XMLSEC_CRYPTO_EXPORT PK11SymKey* xmlSecNssSymKeyDataGetKey(xmlSecKeyDataPtr data); |
| + |
| + |
| +#ifdef __cplusplus |
| +} |
| +#endif /* __cplusplus */ |
| + |
| +#endif /* __XMLSEC_NSS_CIPHERS_H__ */ |
| + |
| + |
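Review bot: The prototypes use `PK11SymKey*` but this header includes only the xmlsec headers, not `<pk11func.h>`, so it compiles only when the including file has already pulled in NSS; the sibling akmngr.h and tokens.h in this patch include the NSS headers themselves. Add `#include <pk11func.h>` next to the xmlsec includes, and move all the `#include` lines above the `extern "C" {` block as those two headers do, rather than inside it. `xmlSecNssSymKeyDataAdoptKey` and `xmlSecNssSymKeyDataKeyAdopt` differ only in word order; a comment on each saying which one takes ownership of the `PK11SymKey` (and what the caller may still do with it) would prevent a double free or leak of the key handle.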
| --- misc/xmlsec1-1.2.14/include/xmlsec/nss/keysstore.h 2009-06-25 22:53:18.000000000 +0200 |
| +++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/keysstore.h 2009-09-21 14:02:48.626261748 +0200 |
| @@ -16,6 +16,8 @@ |
| #endif /* __cplusplus */ |
| |
| #include <xmlsec/xmlsec.h> |
| +#include <xmlsec/keysmngr.h> |
| +#include <xmlsec/nss/tokens.h> |
| |
| /**************************************************************************** |
| * |
| @@ -31,6 +33,8 @@ |
| XMLSEC_CRYPTO_EXPORT xmlSecKeyStoreId xmlSecNssKeysStoreGetKlass (void); |
| XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKey (xmlSecKeyStorePtr store, |
| xmlSecKeyPtr key); |
| +XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKeySlot(xmlSecKeyStorePtr store, |
| + xmlSecNssKeySlotPtr keySlot); |
| XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreLoad (xmlSecKeyStorePtr store, |
| const char *uri, |
| xmlSecKeysMngrPtr keysMngr); |
| --- misc/xmlsec1-1.2.14/include/xmlsec/nss/tokens.h 2009-09-21 14:07:19.172421448 +0200 |
| +++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/tokens.h 2009-09-21 14:02:48.522913605 +0200 |
| @@ -1 +1,182 @@ |
| -dummy |
| +/** |
| + * XMLSec library |
| + * |
| + * This is free software; see Copyright file in the source |
| + * distribution for preciese wording. |
| + * |
| + * Copyright (c) 2003 Sun Microsystems, Inc. All rights reserved. |
| + * |
| + * Contributor(s): _____________________________ |
| + * |
| + */ |
| +#ifndef __XMLSEC_NSS_TOKENS_H__ |
| +#define __XMLSEC_NSS_TOKENS_H__ |
| + |
| +#include <string.h> |
| + |
| +#include <nss.h> |
| +#include <pk11func.h> |
| + |
| +#include <xmlsec/xmlsec.h> |
| +#include <xmlsec/list.h> |
| + |
| +#ifdef __cplusplus |
| +extern "C" { |
| +#endif /* __cplusplus */ |
| + |
| +/** |
| + * xmlSecNssKeySlotListId |
| + * |
| + * The crypto mechanism list klass |
| + */ |
| +#define xmlSecNssKeySlotListId xmlSecNssKeySlotListGetKlass() |
| +XMLSEC_CRYPTO_EXPORT xmlSecPtrListId xmlSecNssKeySlotListGetKlass( void ) ; |
| + |
| +/******************************************* |
| + * KeySlot interfaces |
| + *******************************************/ |
| +/** |
| + * Internal NSS key slot data |
| + * @mechanismList: the mechanisms that the slot bound with. |
| + * @slot: the pkcs slot |
| + * |
| + * This context is located after xmlSecPtrList |
| + */ |
| +typedef struct _xmlSecNssKeySlot xmlSecNssKeySlot ; |
| +typedef struct _xmlSecNssKeySlot* xmlSecNssKeySlotPtr ; |
| + |
| +struct _xmlSecNssKeySlot { |
| + CK_MECHANISM_TYPE_PTR mechanismList ; /* mech. array, NULL ternimated */ |
| + PK11SlotInfo* slot ; |
| +} ; |
| + |
| +XMLSEC_CRYPTO_EXPORT int |
| +xmlSecNssKeySlotSetMechList( |
| + xmlSecNssKeySlotPtr keySlot , |
| + CK_MECHANISM_TYPE_PTR mechanismList |
| +) ; |
| + |
| +XMLSEC_CRYPTO_EXPORT int |
| +xmlSecNssKeySlotEnableMech( |
| + xmlSecNssKeySlotPtr keySlot , |
| + CK_MECHANISM_TYPE mechanism |
| +) ; |
| + |
| +XMLSEC_CRYPTO_EXPORT int |
| +xmlSecNssKeySlotDisableMech( |
| + xmlSecNssKeySlotPtr keySlot , |
| + CK_MECHANISM_TYPE mechanism |
| +) ; |
| + |
| +XMLSEC_CRYPTO_EXPORT CK_MECHANISM_TYPE_PTR |
| +xmlSecNssKeySlotGetMechList( |
| + xmlSecNssKeySlotPtr keySlot |
| +) ; |
| + |
| +XMLSEC_CRYPTO_EXPORT int |
| +xmlSecNssKeySlotSetSlot( |
| + xmlSecNssKeySlotPtr keySlot , |
| + PK11SlotInfo* slot |
| +) ; |
| + |
| +XMLSEC_CRYPTO_EXPORT int |
| +xmlSecNssKeySlotInitialize( |
| + xmlSecNssKeySlotPtr keySlot , |
| + PK11SlotInfo* slot |
| +) ; |
| + |
| +XMLSEC_CRYPTO_EXPORT void |
| +xmlSecNssKeySlotFinalize( |
| + xmlSecNssKeySlotPtr keySlot |
| +) ; |
| + |
| +XMLSEC_CRYPTO_EXPORT PK11SlotInfo* |
| +xmlSecNssKeySlotGetSlot( |
| + xmlSecNssKeySlotPtr keySlot |
| +) ; |
| + |
| +XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr |
| +xmlSecNssKeySlotCreate() ; |
| + |
| +XMLSEC_CRYPTO_EXPORT int |
| +xmlSecNssKeySlotCopy( |
| + xmlSecNssKeySlotPtr newKeySlot , |
| + xmlSecNssKeySlotPtr keySlot |
| +) ; |
| + |
| +XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr |
| +xmlSecNssKeySlotDuplicate( |
| + xmlSecNssKeySlotPtr keySlot |
| +) ; |
| + |
| +XMLSEC_CRYPTO_EXPORT void |
| +xmlSecNssKeySlotDestroy( |
| + xmlSecNssKeySlotPtr keySlot |
| +) ; |
| + |
| +XMLSEC_CRYPTO_EXPORT int |
| +xmlSecNssKeySlotBindMech( |
| + xmlSecNssKeySlotPtr keySlot , |
| + CK_MECHANISM_TYPE type |
| +) ; |
| + |
| +XMLSEC_CRYPTO_EXPORT int |
| +xmlSecNssKeySlotSupportMech( |
| + xmlSecNssKeySlotPtr keySlot , |
| + CK_MECHANISM_TYPE type |
| +) ; |
| + |
| + |
| +/************************************************************************ |
| + * PKCS#11 crypto token interfaces |
| + * |
| + * A PKCS#11 slot repository will be defined internally. From the |
| + * repository, a user can specify a particular slot for a certain crypto |
| + * mechanism. |
| + * |
| + * In some situation, some cryptographic operation should act in a user |
| + * designated devices. The interfaces defined here provide the way. If |
| + * the user do not initialize the repository distinctly, the interfaces |
| + * use the default functions provided by NSS itself. |
| + * |
| + ************************************************************************/ |
| +/** |
| + * Initialize NSS pkcs#11 slot repository |
| + * |
| + * Returns 0 if success or -1 if an error occurs. |
| + */ |
| +XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotInitialize( void ) ; |
| + |
| +/** |
| + * Shutdown and destroy NSS pkcs#11 slot repository |
| + */ |
| +XMLSEC_CRYPTO_EXPORT void xmlSecNssSlotShutdown() ; |
| + |
| +/** |
| + * Get PKCS#11 slot handler |
| + * @type the mechanism that the slot must support. |
| + * |
| + * Returns a pointer to PKCS#11 slot or NULL if an error occurs. |
| + * |
| + * Notes: The returned handler must be destroied distinctly. |
| + */ |
| +XMLSEC_CRYPTO_EXPORT PK11SlotInfo* xmlSecNssSlotGet( CK_MECHANISM_TYPE type ) ; |
| + |
| +/** |
| + * Adopt a pkcs#11 slot with a mechanism into the repository |
| + * @slot: the pkcs#11 slot. |
| + * @mech: the mechanism. |
| + * |
| + * If @mech is available( @mech != CKM_INVALID_MECHANISM ), every operation with |
| + * this mechanism only can perform on the @slot. |
| + * |
| + * Returns 0 if success or -1 if an error occurs. |
| + */ |
| +XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotAdopt( PK11SlotInfo* slot, CK_MECHANISM_TYPE mech ) ; |
| + |
| +#ifdef __cplusplus |
| +} |
| +#endif /* __cplusplus */ |
| + |
| +#endif /* __XMLSEC_NSS_TOKENS_H__ */ |
| + |
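Review bot: `xmlSecNssKeySlotCreate()` and `xmlSecNssSlotShutdown()` are declared with empty parentheses, which in C is an old-style declaration without a prototype, so a call with stray arguments is not diagnosed; the rest of the header writes `( void )` (`xmlSecNssSlotInitialize`, `xmlSecNssKeySlotListGetKlass`). Change them to `xmlSecNssKeySlotCreate( void ) ;` and `xmlSecNssSlotShutdown( void ) ;`. The comment on `xmlSecNssSlotGet` says the returned handler "must be destroied distinctly" without saying how; since the slot comes from NSS, presumably the caller releases it with `PK11_FreeSlot` — state that explicitly, and fix "ternimated" to "terminated" in the `mechanismList` field comment.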
| --- misc/xmlsec1-1.2.14/src/mscrypto/akmngr.c 2009-09-21 14:07:19.078910929 +0200 |
| +++ misc/build/xmlsec1-1.2.14/src/mscrypto/akmngr.c 2009-09-21 14:02:48.531281225 +0200 |
| @@ -1 +1,236 @@ |
| -dummy |
| +/** |
| + * XMLSec library |
| + * |
| + * This is free software; see Copyright file in the source |
| + * distribution for preciese wording. |
| + * |
| + * Copyright......................... |
| + */ |
| +#include "globals.h" |
| + |
| +#include <xmlsec/xmlsec.h> |
| +#include <xmlsec/keys.h> |
| +#include <xmlsec/keysmngr.h> |
| +#include <xmlsec/transforms.h> |
| +#include <xmlsec/errors.h> |
| + |
| +#include <xmlsec/mscrypto/crypto.h> |
| +#include <xmlsec/mscrypto/keysstore.h> |
| +#include <xmlsec/mscrypto/akmngr.h> |
| +#include <xmlsec/mscrypto/x509.h> |
| + |
| +/** |
| + * xmlSecMSCryptoAppliedKeysMngrCreate: |
| + * @hKeyStore: the pointer to key store. |
| + * @hCertStore: the pointer to certificate database. |
| + * |
| + * Create and load key store and certificate database into keys manager |
| + * |
| + * Returns keys manager pointer on success or NULL otherwise. |
| + */ |
| +xmlSecKeysMngrPtr |
| +xmlSecMSCryptoAppliedKeysMngrCreate( |
| + HCERTSTORE hKeyStore , |
| + HCERTSTORE hCertStore |
| +) { |
| + xmlSecKeyDataStorePtr certStore = NULL ; |
| + xmlSecKeysMngrPtr keyMngr = NULL ; |
| + xmlSecKeyStorePtr keyStore = NULL ; |
| + |
| + keyStore = xmlSecKeyStoreCreate( xmlSecMSCryptoKeysStoreId ) ; |
| + if( keyStore == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "xmlSecKeyStoreCreate" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return NULL ; |
| + } |
| + |
| + /*- |
| + * At present, MS Crypto engine do not provide a way to setup a key store. |
| + */ |
| + if( keyStore != NULL ) { |
| + /*TODO: binding key store.*/ |
| + } |
| + |
| + keyMngr = xmlSecKeysMngrCreate() ; |
| + if( keyMngr == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "xmlSecKeysMngrCreate" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + |
| + xmlSecKeyStoreDestroy( keyStore ) ; |
| + return NULL ; |
| + } |
| + |
| + /*- |
| + * Add key store to manager, from now on keys manager destroys the store if |
| + * needed |
| + */ |
| + if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , |
| + "xmlSecKeysMngrAdoptKeyStore" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + |
| + xmlSecKeyStoreDestroy( keyStore ) ; |
| + xmlSecKeysMngrDestroy( keyMngr ) ; |
| + return NULL ; |
| + } |
| + |
| + /*- |
| + * Initialize crypto library specific data in keys manager |
| + */ |
| + if( xmlSecMSCryptoKeysMngrInit( keyMngr ) < 0 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "xmlSecMSCryptoKeysMngrInit" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + |
| + xmlSecKeysMngrDestroy( keyMngr ) ; |
| + return NULL ; |
| + } |
| + |
| + /*- |
| + * Set certificate databse to X509 key data store |
| + */ |
| + /*- |
| + * At present, MS Crypto engine do not provide a way to setup a cert store. |
| + */ |
| + |
| + /*- |
| + * Set the getKey callback |
| + */ |
| + keyMngr->getKey = xmlSecKeysMngrGetKey ; |
| + |
| + return keyMngr ; |
| +} |
| + |
| +int |
| +xmlSecMSCryptoAppliedKeysMngrSymKeyLoad( |
| + xmlSecKeysMngrPtr mngr , |
| + HCRYPTKEY symKey |
| +) { |
| + /*TODO: import the key into keys manager.*/ |
| + return(0) ; |
| +} |
| + |
| +int |
| +xmlSecMSCryptoAppliedKeysMngrPubKeyLoad( |
| + xmlSecKeysMngrPtr mngr , |
| + HCRYPTKEY pubKey |
| +) { |
| + /*TODO: import the key into keys manager.*/ |
| + return(0) ; |
| +} |
| + |
| +int |
| +xmlSecMSCryptoAppliedKeysMngrPriKeyLoad( |
| + xmlSecKeysMngrPtr mngr , |
| + HCRYPTKEY priKey |
| +) { |
| + /*TODO: import the key into keys manager.*/ |
| + return(0) ; |
| +} |
| + |
| +int |
| +xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore ( |
| + xmlSecKeysMngrPtr mngr , |
| + HCERTSTORE keyStore |
| +) { |
| + xmlSecKeyDataStorePtr x509Store ; |
| + |
| + xmlSecAssert2( mngr != NULL, -1 ) ; |
| + xmlSecAssert2( keyStore != NULL, -1 ) ; |
| + |
| + x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ; |
| + if( x509Store == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "xmlSecKeysMngrGetDataStore" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return( -1 ) ; |
| + } |
| + |
| + if( xmlSecMSCryptoX509StoreAdoptKeyStore( x509Store, keyStore ) < 0 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) , |
| + "xmlSecMSCryptoX509StoreAdoptKeyStore" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return( -1 ) ; |
| + } |
| + |
| + return( 0 ) ; |
| +} |
| + |
| +int |
| +xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore ( |
| + xmlSecKeysMngrPtr mngr , |
| + HCERTSTORE trustedStore |
| +) { |
| + xmlSecKeyDataStorePtr x509Store ; |
| + |
| + xmlSecAssert2( mngr != NULL, -1 ) ; |
| + xmlSecAssert2( trustedStore != NULL, -1 ) ; |
| + |
| + x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ; |
| + if( x509Store == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "xmlSecKeysMngrGetDataStore" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return( -1 ) ; |
| + } |
| + |
| + if( xmlSecMSCryptoX509StoreAdoptTrustedStore( x509Store, trustedStore ) < 0 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) , |
| + "xmlSecMSCryptoX509StoreAdoptKeyStore" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return( -1 ) ; |
| + } |
| + |
| + return( 0 ) ; |
| +} |
| + |
| +int |
| +xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore ( |
| + xmlSecKeysMngrPtr mngr , |
| + HCERTSTORE untrustedStore |
| +) { |
| + xmlSecKeyDataStorePtr x509Store ; |
| + |
| + xmlSecAssert2( mngr != NULL, -1 ) ; |
| + xmlSecAssert2( untrustedStore != NULL, -1 ) ; |
| + |
| + x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ; |
| + if( x509Store == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "xmlSecKeysMngrGetDataStore" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return( -1 ) ; |
| + } |
| + |
| + if( xmlSecMSCryptoX509StoreAdoptUntrustedStore( x509Store, untrustedStore ) < 0 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) , |
| + "xmlSecMSCryptoX509StoreAdoptKeyStore" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return( -1 ) ; |
| + } |
| + |
| + return( 0 ) ; |
| +} |
| + |
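Review bot: `xmlSecMSCryptoAppliedKeysMngrSymKeyLoad`, `...PubKeyLoad` and `...PriKeyLoad` are TODO stubs that return 0, so a caller is told the key was imported when nothing happened and the later signing or decryption step fails (or silently picks another key from the store) with no diagnostic pointing back here; until they are implemented they should report the error and return -1, e.g. `xmlSecError( XMLSEC_ERRORS_HERE, NULL, "xmlSecMSCryptoAppliedKeysMngrSymKeyLoad", XMLSEC_ERRORS_R_NOT_IMPLEMENTED, XMLSEC_ERRORS_NO_MESSAGE ) ; return(-1) ;`. The error reports in `AdoptTrustedStore` and `AdoptUntrustedStore` name `"xmlSecMSCryptoX509StoreAdoptKeyStore"` as the failing call although they call `xmlSecMSCryptoX509StoreAdoptTrustedStore` and `xmlSecMSCryptoX509StoreAdoptUntrustedStore`, which sends whoever reads the log to the wrong function; fix the two string literals. In `xmlSecMSCryptoAppliedKeysMngrCreate` the `hKeyStore`/`hCertStore` parameters and the `certStore` local are never used and the `if( keyStore != NULL )` after the NULL check is always true, so the doc comment claiming the store and database are loaded into the manager is not true — say that both handles are currently ignored.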
| --- misc/xmlsec1-1.2.14/src/nss/Makefile.am 2009-06-25 22:53:18.000000000 +0200 |
| +++ misc/build/xmlsec1-1.2.14/src/nss/Makefile.am 2009-09-21 14:02:48.591560472 +0200 |
| @@ -35,6 +35,9 @@ |
| kw_des.c \ |
| kw_aes.c \ |
| globals.h \ |
| + akmngr.c \ |
| + keywrapers.c \ |
| + tokens.c \ |
| $(NULL) |
| |
| if SHAREDLIB_HACK |
| --- misc/xmlsec1-1.2.14/src/nss/Makefile.in 2009-06-25 22:53:33.000000000 +0200 |
| +++ misc/build/xmlsec1-1.2.14/src/nss/Makefile.in 2009-09-21 14:02:48.599339718 +0200 |
| @@ -72,7 +72,8 @@ |
| am__libxmlsec1_nss_la_SOURCES_DIST = app.c bignum.c ciphers.c crypto.c \ |
| digests.c hmac.c pkikeys.c signatures.c symkeys.c x509.c \ |
| x509vfy.c keysstore.c keytrans.c kw_des.c kw_aes.c globals.h \ |
| - ../strings.c |
| + ../strings.c \ |
| + akmngr.c keywrapers.c tokens.c |
| am__objects_1 = |
| @SHAREDLIB_HACK_TRUE@am__objects_2 = libxmlsec1_nss_la-strings.lo |
| am_libxmlsec1_nss_la_OBJECTS = libxmlsec1_nss_la-app.lo \ |
| @@ -83,6 +84,8 @@ |
| libxmlsec1_nss_la-x509.lo libxmlsec1_nss_la-x509vfy.lo \ |
| libxmlsec1_nss_la-keysstore.lo libxmlsec1_nss_la-keytrans.lo \ |
| libxmlsec1_nss_la-kw_des.lo libxmlsec1_nss_la-kw_aes.lo \ |
| + libxmlsec1_nss_la-akmngr.lo libxmlsec1_nss_la-keywrapers.lo \ |
| + libxmlsec1_nss_la-tokens.lo \ |
| $(am__objects_1) $(am__objects_2) |
| libxmlsec1_nss_la_OBJECTS = $(am_libxmlsec1_nss_la_OBJECTS) |
| libxmlsec1_nss_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ |
| @@ -333,6 +336,7 @@ |
| libxmlsec1_nss_la_SOURCES = app.c bignum.c ciphers.c crypto.c \ |
| digests.c hmac.c pkikeys.c signatures.c symkeys.c x509.c \ |
| x509vfy.c keysstore.c keytrans.c kw_des.c kw_aes.c globals.h \ |
| + akmngr.c keywrapers.c tokens.c \ |
| $(NULL) $(am__append_1) |
| libxmlsec1_nss_la_LIBADD = \ |
| ../libxmlsec1.la \ |
| @@ -439,6 +443,9 @@ |
| @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-symkeys.Plo@am__quote@ |
| @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-x509.Plo@am__quote@ |
| @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-x509vfy.Plo@am__quote@ |
| +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-akmngr.Plo@am__quote@ |
| +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Plo@am__quote@ |
| +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-tokens.Plo@am__quote@ |
| |
| .c.o: |
| @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< |
| @@ -468,6 +475,27 @@ |
| @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ |
| @am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c |
| |
| +libxmlsec1_nss_la-akmngr.lo: akmngr.c |
| +@am__fastdepCC_TRUE@ if $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-akmngr.lo -MD -MP -MF "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo" -c -o libxmlsec1_nss_la-akmngr.lo `test -f 'akmngr.c' || echo '$(srcdir)/'`akmngr.c; \ |
| +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo" "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Plo"; else rm -f "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo"; exit 1; fi |
| +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='akmngr.c' object='libxmlsec1_nss_la-akmngr.lo' libtool=yes @AMDEPBACKSLASH@ |
| +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ |
| +@am__fastdepCC_FALSE@ $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-akmngr.lo `test -f 'akmngr.c' || echo '$(srcdir)/'`akmngr.c |
| + |
| +libxmlsec1_nss_la-keywrapers.lo: keywrapers.c |
| +@am__fastdepCC_TRUE@ if $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-keywrapers.lo -MD -MP -MF "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Tpo" -c -o libxmlsec1_nss_la-keywrapers.lo `test -f 'keywrapers.c' || echo '$(srcdir)/'`keywrapers.c; \ |
| +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Tpo" "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Plo"; else rm -f "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Tpo"; exit 1; fi |
| +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='keywrapers.c' object='libxmlsec1_nss_la-keywrapers.lo' libtool=yes @AMDEPBACKSLASH@ |
| +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ |
| +@am__fastdepCC_FALSE@ $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-keywrapers.lo `test -f 'keywrapers.c' || echo '$(srcdir)/'`keywrapers.c |
| + |
| +libxmlsec1_nss_la-tokens.lo: tokens.c |
| +@am__fastdepCC_TRUE@ if $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-tokens.lo -MD -MP -MF "$(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo" -c -o libxmlsec1_nss_la-tokens.lo `test -f 'tokens.c' || echo '$(srcdir)/'`tokens.c; \ |
| +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo" "$(DEPDIR)/libxmlsec1_nss_la-tokens.Plo"; else rm -f "$(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo"; exit 1; fi |
| +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tokens.c' object='libxmlsec1_nss_la-tokens.lo' libtool=yes @AMDEPBACKSLASH@ |
| +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ |
| +@am__fastdepCC_FALSE@ $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-tokens.lo `test -f 'tokens.c' || echo '$(srcdir)/'`tokens.c |
| + |
| libxmlsec1_nss_la-bignum.lo: bignum.c |
| @am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-bignum.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo -c -o libxmlsec1_nss_la-bignum.lo `test -f 'bignum.c' || echo '$(srcdir)/'`bignum.c |
| @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo $(DEPDIR)/libxmlsec1_nss_la-bignum.Plo |
| --- misc/xmlsec1-1.2.14/src/nss/akmngr.c 2009-09-21 14:07:19.197249962 +0200 |
| +++ misc/build/xmlsec1-1.2.14/src/nss/akmngr.c 2009-09-21 14:02:48.539616129 +0200 |
| @@ -1 +1,384 @@ |
| -dummy |
| +/** |
| + * XMLSec library |
| + * |
| + * This is free software; see Copyright file in the source |
| + * distribution for preciese wording. |
| + * |
| + * Copyright......................... |
| + */ |
| +#include "globals.h" |
| + |
| +#include <nspr.h> |
| +#include <nss.h> |
| +#include <pk11func.h> |
| +#include <cert.h> |
| +#include <keyhi.h> |
| + |
| +#include <xmlsec/xmlsec.h> |
| +#include <xmlsec/keys.h> |
| +#include <xmlsec/transforms.h> |
| +#include <xmlsec/errors.h> |
| + |
| +#include <xmlsec/nss/crypto.h> |
| +#include <xmlsec/nss/tokens.h> |
| +#include <xmlsec/nss/akmngr.h> |
| +#include <xmlsec/nss/pkikeys.h> |
| +#include <xmlsec/nss/ciphers.h> |
| +#include <xmlsec/nss/keysstore.h> |
| + |
| +/** |
| + * xmlSecNssAppliedKeysMngrCreate: |
| + * @slot: array of pointers to NSS PKCS#11 slot infomation. |
| + * @cSlots: number of slots in the array |
| + * @handler: the pointer to NSS certificate database. |
| + * |
| + * Create and load NSS crypto slot and certificate database into keys manager |
| + * |
| + * Returns keys manager pointer on success or NULL otherwise. |
| + */ |
| +xmlSecKeysMngrPtr |
| +xmlSecNssAppliedKeysMngrCreate( |
| + PK11SlotInfo** slots, |
| + int cSlots, |
| + CERTCertDBHandle* handler |
| +) { |
| + xmlSecKeyDataStorePtr certStore = NULL ; |
| + xmlSecKeysMngrPtr keyMngr = NULL ; |
| + xmlSecKeyStorePtr keyStore = NULL ; |
| + int islot = 0; |
| + keyStore = xmlSecKeyStoreCreate( xmlSecNssKeysStoreId ) ; |
| + if( keyStore == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "xmlSecKeyStoreCreate" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return NULL ; |
| + } |
| + |
| + for (islot = 0; islot < cSlots; islot++) |
| + { |
| + xmlSecNssKeySlotPtr keySlot ; |
| + |
| + /* Create a key slot */ |
| + keySlot = xmlSecNssKeySlotCreate() ; |
| + if( keySlot == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , |
| + "xmlSecNssKeySlotCreate" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + |
| + xmlSecKeyStoreDestroy( keyStore ) ; |
| + return NULL ; |
| + } |
| + |
| + /* Set slot */ |
| + if( xmlSecNssKeySlotSetSlot( keySlot , slots[islot] ) < 0 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , |
| + "xmlSecNssKeySlotSetSlot" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + |
| + xmlSecKeyStoreDestroy( keyStore ) ; |
| + xmlSecNssKeySlotDestroy( keySlot ) ; |
| + return NULL ; |
| + } |
| + |
| + /* Adopt keySlot */ |
| + if( xmlSecNssKeysStoreAdoptKeySlot( keyStore , keySlot ) < 0 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , |
| + "xmlSecNssKeysStoreAdoptKeySlot" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + |
| + xmlSecKeyStoreDestroy( keyStore ) ; |
| + xmlSecNssKeySlotDestroy( keySlot ) ; |
| + return NULL ; |
| + } |
| + } |
| + |
| + keyMngr = xmlSecKeysMngrCreate() ; |
| + if( keyMngr == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "xmlSecKeysMngrCreate" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + |
| + xmlSecKeyStoreDestroy( keyStore ) ; |
| + return NULL ; |
| + } |
| + |
| + /*- |
| + * Add key store to manager, from now on keys manager destroys the store if |
| + * needed |
| + */ |
| + if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , |
| + "xmlSecKeysMngrAdoptKeyStore" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + |
| + xmlSecKeyStoreDestroy( keyStore ) ; |
| + xmlSecKeysMngrDestroy( keyMngr ) ; |
| + return NULL ; |
| + } |
| + |
| + /*- |
| + * Initialize crypto library specific data in keys manager |
| + */ |
| + if( xmlSecNssKeysMngrInit( keyMngr ) < 0 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "xmlSecKeysMngrCreate" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + |
| + xmlSecKeysMngrDestroy( keyMngr ) ; |
| + return NULL ; |
| + } |
| + |
| + /*- |
| + * Set certificate databse to X509 key data store |
| + */ |
| + /** |
| + * Because Tej's implementation of certDB use the default DB, so I ignore |
| + * the certDB handler at present. I'll modify the cert store sources to |
| + * accept particular certDB instead of default ones. |
| + certStore = xmlSecKeysMngrGetDataStore( keyMngr , xmlSecNssKeyDataStoreX509Id ) ; |
| + if( certStore == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , |
| + "xmlSecKeysMngrGetDataStore" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + |
| + xmlSecKeysMngrDestroy( keyMngr ) ; |
| + return NULL ; |
| + } |
| + |
| + if( xmlSecNssKeyDataStoreX509SetCertDb( certStore , handler ) < 0 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , |
| + "xmlSecNssKeyDataStoreX509SetCertDb" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + |
| + xmlSecKeysMngrDestroy( keyMngr ) ; |
| + return NULL ; |
| + } |
| + */ |
| + |
| + /*- |
| + * Set the getKey callback |
| + */ |
| + keyMngr->getKey = xmlSecKeysMngrGetKey ; |
| + |
| + return keyMngr ; |
| +} |
| + |
| +int |
| +xmlSecNssAppliedKeysMngrSymKeyLoad( |
| + xmlSecKeysMngrPtr mngr , |
| + PK11SymKey* symKey |
| +) { |
| + xmlSecKeyPtr key ; |
| + xmlSecKeyDataPtr data ; |
| + xmlSecKeyStorePtr keyStore ; |
| + |
| + xmlSecAssert2( mngr != NULL , -1 ) ; |
| + xmlSecAssert2( symKey != NULL , -1 ) ; |
| + |
| + keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ; |
| + if( keyStore == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "xmlSecKeysMngrGetKeysStore" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return(-1) ; |
| + } |
| + xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ; |
| + |
| + data = xmlSecNssSymKeyDataKeyAdopt( symKey ) ; |
| + if( data == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "xmlSecNssSymKeyDataKeyAdopt" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return(-1) ; |
| + } |
| + |
| + key = xmlSecKeyCreate() ; |
| + if( key == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "xmlSecNssSymKeyDataKeyAdopt" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + xmlSecKeyDataDestroy( data ) ; |
| + return(-1) ; |
| + } |
| + |
| + if( xmlSecKeySetValue( key , data ) < 0 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "xmlSecNssSymKeyDataKeyAdopt" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + xmlSecKeyDataDestroy( data ) ; |
| + return(-1) ; |
| + } |
| + |
| + if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "xmlSecNssSymKeyDataKeyAdopt" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + xmlSecKeyDestroy( key ) ; |
| + return(-1) ; |
| + } |
| + |
| + return(0) ; |
| +} |
| + |
| +int |
| +xmlSecNssAppliedKeysMngrPubKeyLoad( |
| + xmlSecKeysMngrPtr mngr , |
| + SECKEYPublicKey* pubKey |
| +) { |
| + xmlSecKeyPtr key ; |
| + xmlSecKeyDataPtr data ; |
| + xmlSecKeyStorePtr keyStore ; |
| + |
| + xmlSecAssert2( mngr != NULL , -1 ) ; |
| + xmlSecAssert2( pubKey != NULL , -1 ) ; |
| + |
| + keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ; |
| + if( keyStore == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "xmlSecKeysMngrGetKeysStore" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return(-1) ; |
| + } |
| + xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ; |
| + |
| + data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ; |
| + if( data == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "xmlSecNssPKIAdoptKey" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return(-1) ; |
| + } |
| + |
| + key = xmlSecKeyCreate() ; |
| + if( key == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "xmlSecNssSymKeyDataKeyAdopt" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + xmlSecKeyDataDestroy( data ) ; |
| + return(-1) ; |
| + } |
| + |
| + if( xmlSecKeySetValue( key , data ) < 0 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "xmlSecNssSymKeyDataKeyAdopt" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + xmlSecKeyDataDestroy( data ) ; |
| + return(-1) ; |
| + } |
| + |
| + if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "xmlSecNssSymKeyDataKeyAdopt" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + xmlSecKeyDestroy( key ) ; |
| + return(-1) ; |
| + } |
| + |
| + return(0) ; |
| +} |
| + |
| +int |
| +xmlSecNssAppliedKeysMngrPriKeyLoad( |
| + xmlSecKeysMngrPtr mngr , |
| + SECKEYPrivateKey* priKey |
| +) { |
| + xmlSecKeyPtr key ; |
| + xmlSecKeyDataPtr data ; |
| + xmlSecKeyStorePtr keyStore ; |
| + |
| + xmlSecAssert2( mngr != NULL , -1 ) ; |
| + xmlSecAssert2( priKey != NULL , -1 ) ; |
| + |
| + keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ; |
| + if( keyStore == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "xmlSecKeysMngrGetKeysStore" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return(-1) ; |
| + } |
| + xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ; |
| + |
| + data = xmlSecNssPKIAdoptKey( priKey, NULL ) ; |
| + if( data == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "xmlSecNssPKIAdoptKey" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return(-1) ; |
| + } |
| + |
| + key = xmlSecKeyCreate() ; |
| + if( key == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "xmlSecNssSymKeyDataKeyAdopt" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + xmlSecKeyDataDestroy( data ) ; |
| + return(-1) ; |
| + } |
| + |
| + if( xmlSecKeySetValue( key , data ) < 0 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "xmlSecNssSymKeyDataKeyAdopt" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + xmlSecKeyDataDestroy( data ) ; |
| + return(-1) ; |
| + } |
| + |
| + if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "xmlSecNssSymKeyDataKeyAdopt" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + xmlSecKeyDestroy( key ) ; |
| + return(-1) ; |
| + } |
| + |
| + return(0) ; |
| +} |
| + |
| --- misc/xmlsec1-1.2.14/src/nss/hmac.c 2009-06-26 06:18:13.000000000 +0200 |
| +++ misc/build/xmlsec1-1.2.14/src/nss/hmac.c 2009-09-21 14:02:48.649065288 +0200 |
| @@ -23,8 +23,8 @@ |
| #include <xmlsec/transforms.h> |
| #include <xmlsec/errors.h> |
| |
| -#include <xmlsec/nss/app.h> |
| #include <xmlsec/nss/crypto.h> |
| +#include <xmlsec/nss/tokens.h> |
| |
| /* sizes in bits */ |
| #define XMLSEC_NSS_MIN_HMAC_SIZE 80 |
| @@ -286,13 +286,13 @@ |
| keyItem.data = xmlSecBufferGetData(buffer); |
| keyItem.len = xmlSecBufferGetSize(buffer); |
| |
| - slot = PK11_GetBestSlot(ctx->digestType, NULL); |
| + slot = xmlSecNssSlotGet(ctx->digestType); |
| if(slot == NULL) { |
| xmlSecError(XMLSEC_ERRORS_HERE, |
| xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), |
| - "PK11_GetBestSlot", |
| + "xmlSecNssSlotGet", |
| XMLSEC_ERRORS_R_CRYPTO_FAILED, |
| - XMLSEC_ERRORS_NO_MESSAGE); |
| + "error code=%d", PORT_GetError()); |
| return(-1); |
| } |
| |
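Review bot: The new error report at `"error code=%d", PORT_GetError()` assumes a NULL from xmlSecNssSlotGet() always comes from an NSS failure; if the wrapper can also return NULL for its own reasons (no slot configured, an earlier xmlSec-level failure) the NSS error code printed will be stale or zero and will mislead whoever reads the log. Either have xmlSecNssSlotGet() guarantee it sets the NSS error on every failure path, or keep `XMLSEC_ERRORS_NO_MESSAGE` here and let the wrapper log the NSS code itself. The enclosing function starts and ends outside this hunk, so I could not check that the slot obtained here is still released on the later paths.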
| --- misc/xmlsec1-1.2.14/src/nss/keysstore.c 2009-06-25 22:53:18.000000000 +0200 |
| +++ misc/build/xmlsec1-1.2.14/src/nss/keysstore.c 2009-09-21 14:02:48.633533885 +0200 |
| @@ -1,36 +1,56 @@ |
| /** |
| * XMLSec library |
| * |
| - * Nss keys store that uses Simple Keys Store under the hood. Uses the |
| - * Nss DB as a backing store for the finding keys, but the NSS DB is |
| - * not written to by the keys store. |
| - * So, if store->findkey is done and the key is not found in the simple |
| - * keys store, the NSS DB is looked up. |
| - * If store is called to adopt a key, that key is not written to the NSS |
| - * DB. |
| - * Thus, the NSS DB can be used to pre-load keys and becomes an alternate |
| - * source of keys for xmlsec |
| - * |
| * This is free software; see Copyright file in the source |
| * distribution for precise wording. |
| * |
| * Copyright (c) 2003 America Online, Inc. All rights reserved. |
| */ |
| + |
| +/** |
| + * NSS key store uses a key list and a slot list as the key repository. NSS slot |
| + * list is a backup repository for the finding keys. If a key is not found from |
| + * the key list, the NSS slot list is looked up. |
| + * |
| + * Any key in the key list will not save to pkcs11 slot. When a store to called |
| + * to adopt a key, the key is resident in the key list; While a store to called |
| + * to set a is resident in the key list; While a store to called to set a slot |
| + * list, which means that the keys in the listed slot can be used for xml sign- |
| + * nature or encryption. |
| + * |
| + * Then, a user can adjust slot list to effect the crypto behaviors of xmlSec. |
| + * |
| + * The framework will decrease the user interfaces to administrate xmlSec crypto |
| + * engine. He can only focus on NSS layer functions. For examples, after the |
| + * user set up a slot list handler to the keys store, he do not need to do any |
| + * other work atop xmlSec interfaces, his action on the slot list handler, such |
| + * as add a token to, delete a token from the list, will directly effect the key |
| + * store behaviors. |
| + * |
| + * For example, a scenariio: |
| + * 0. Create a slot list;( NSS interfaces ) |
| + * 1. Create a keys store;( xmlSec interfaces ) |
| + * 2. Set slot list with the keys store;( xmlSec Interfaces ) |
| + * 3. Add a slot to the slot list;( NSS interfaces ) |
| + * 4. Perform xml signature; ( xmlSec Interfaces ) |
| + * 5. Deleter a slot from the slot list;( NSS interfaces ) |
| + * 6. Perform xml encryption; ( xmlSec Interfaces ) |
| + * 7. Perform xml signature;( xmlSec Interfaces ) |
| + * 8. Destroy the keys store;( xmlSec Interfaces ) |
| + * 8. Destroy the slot list.( NSS Interfaces ) |
| + */ |
| #include "globals.h" |
| |
| #include <stdlib.h> |
| #include <string.h> |
| |
| #include <nss.h> |
| -#include <cert.h> |
| #include <pk11func.h> |
| +#include <prinit.h> |
| #include <keyhi.h> |
| |
| -#include <libxml/tree.h> |
| - |
| #include <xmlsec/xmlsec.h> |
| -#include <xmlsec/buffer.h> |
| -#include <xmlsec/base64.h> |
| +#include <xmlsec/keys.h> |
| #include <xmlsec/errors.h> |
| #include <xmlsec/xmltree.h> |
| |
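Review bot: The new file header comment is hard to follow where it describes key adoption: the sentence starting "When a store to called to adopt a key" repeats its own clause ("While a store to called to set a is resident in the key list; While a store to called to set a slot list") and never finishes the thought. Suggested replacement for that paragraph: `Keys adopted by the store live only in its key list and are never written to a PKCS#11 slot; keys found through the slot list are read from the slots the application has added there.` Also "scenariio" and the duplicated step number "8." in the example list should be fixed.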
| @@ -38,82 +58,461 @@ |
| |
| #include <xmlsec/nss/crypto.h> |
| #include <xmlsec/nss/keysstore.h> |
| -#include <xmlsec/nss/x509.h> |
| +#include <xmlsec/nss/tokens.h> |
| +#include <xmlsec/nss/ciphers.h> |
| #include <xmlsec/nss/pkikeys.h> |
| |
| /**************************************************************************** |
| * |
| - * Nss Keys Store. Uses Simple Keys Store under the hood |
| + * Internal NSS key store context |
| * |
| - * Simple Keys Store ptr is located after xmlSecKeyStore |
| + * This context is located after xmlSecKeyStore |
| * |
| ***************************************************************************/ |
| +typedef struct _xmlSecNssKeysStoreCtx xmlSecNssKeysStoreCtx ; |
| +typedef struct _xmlSecNssKeysStoreCtx* xmlSecNssKeysStoreCtxPtr ; |
| + |
| +struct _xmlSecNssKeysStoreCtx { |
| + xmlSecPtrListPtr keyList ; |
| + xmlSecPtrListPtr slotList ; |
| +} ; |
| + |
| #define xmlSecNssKeysStoreSize \ |
| - (sizeof(xmlSecKeyStore) + sizeof(xmlSecKeyStorePtr)) |
| + ( sizeof( xmlSecKeyStore ) + sizeof( xmlSecNssKeysStoreCtx ) ) |
| |
| -#define xmlSecNssKeysStoreGetSS(store) \ |
| - ((xmlSecKeyStoreCheckSize((store), xmlSecNssKeysStoreSize)) ? \ |
| - (xmlSecKeyStorePtr*)(((xmlSecByte*)(store)) + sizeof(xmlSecKeyStore)) : \ |
| - (xmlSecKeyStorePtr*)NULL) |
| - |
| -static int xmlSecNssKeysStoreInitialize (xmlSecKeyStorePtr store); |
| -static void xmlSecNssKeysStoreFinalize (xmlSecKeyStorePtr store); |
| -static xmlSecKeyPtr xmlSecNssKeysStoreFindKey (xmlSecKeyStorePtr store, |
| - const xmlChar* name, |
| - xmlSecKeyInfoCtxPtr keyInfoCtx); |
| +#define xmlSecNssKeysStoreGetCtx( data ) \ |
| + ( ( xmlSecNssKeysStoreCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyStore ) ) ) |
| |
| -static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = { |
| - sizeof(xmlSecKeyStoreKlass), |
| - xmlSecNssKeysStoreSize, |
| +int xmlSecNssKeysStoreAdoptKeySlot( |
| + xmlSecKeyStorePtr store , |
| + xmlSecNssKeySlotPtr keySlot |
| +) { |
| + xmlSecNssKeysStoreCtxPtr context = NULL ; |
| + |
| + xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ; |
| + xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ; |
| + context = xmlSecNssKeysStoreGetCtx( store ) ; |
| + if( context == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , |
| + "xmlSecNssKeysStoreGetCtx" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return -1 ; |
| + } |
| + |
| + if( context->slotList == NULL ) { |
| + if( ( context->slotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ) == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , |
| + "xmlSecPtrListCreate" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return -1 ; |
| + } |
| + } |
| + |
| + if( !xmlSecPtrListCheckId( context->slotList , xmlSecNssKeySlotListId ) ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , |
| + "xmlSecPtrListCheckId" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return -1 ; |
| + } |
| + |
| + if( xmlSecPtrListAdd( context->slotList , keySlot ) < 0 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , |
| + "xmlSecPtrListAdd" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return -1 ; |
| + } |
| + return 0 ; |
| +} |
| |
| - /* data */ |
| - BAD_CAST "NSS-keys-store", /* const xmlChar* name; */ |
| - |
| - /* constructors/destructor */ |
| - xmlSecNssKeysStoreInitialize, /* xmlSecKeyStoreInitializeMethod initialize; */ |
| - xmlSecNssKeysStoreFinalize, /* xmlSecKeyStoreFinalizeMethod finalize; */ |
| - xmlSecNssKeysStoreFindKey, /* xmlSecKeyStoreFindKeyMethod findKey; */ |
| - |
| - /* reserved for the future */ |
| - NULL, /* void* reserved0; */ |
| - NULL, /* void* reserved1; */ |
| -}; |
| +int xmlSecNssKeysStoreAdoptKey( |
| + xmlSecKeyStorePtr store , |
| + xmlSecKeyPtr key |
| +) { |
| + xmlSecNssKeysStoreCtxPtr context = NULL ; |
| + |
| + xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ; |
| + xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ; |
| + |
| + context = xmlSecNssKeysStoreGetCtx( store ) ; |
| + if( context == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , |
| + "xmlSecNssKeysStoreGetCtx" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return -1 ; |
| + } |
| + |
| + if( context->keyList == NULL ) { |
| + if( ( context->keyList = xmlSecPtrListCreate( xmlSecKeyPtrListId ) ) == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , |
| + "xmlSecPtrListCreate" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return -1 ; |
| + } |
| + } |
| + |
| + if( !xmlSecPtrListCheckId( context->keyList , xmlSecKeyPtrListId ) ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , |
| + "xmlSecPtrListCheckId" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return -1 ; |
| + } |
| + |
| + if( xmlSecPtrListAdd( context->keyList , key ) < 0 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , |
| + "xmlSecPtrListAdd" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return -1 ; |
| + } |
| |
| -/** |
| - * xmlSecNssKeysStoreGetKlass: |
| - * |
| - * The Nss list based keys store klass. |
| + return 0 ; |
| +} |
| + |
| +/* |
| + * xmlSecKeyStoreInitializeMethod: |
| + * @store: the store. |
| + * |
| + * Keys store specific initialization method. |
| * |
| - * Returns: Nss list based keys store klass. |
| + * Returns 0 on success or a negative value if an error occurs. |
| */ |
| -xmlSecKeyStoreId |
| -xmlSecNssKeysStoreGetKlass(void) { |
| - return(&xmlSecNssKeysStoreKlass); |
| +static int |
| +xmlSecNssKeysStoreInitialize( |
| + xmlSecKeyStorePtr store |
| +) { |
| + xmlSecNssKeysStoreCtxPtr context = NULL ; |
| + |
| + xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ; |
| + xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ; |
| + |
| + context = xmlSecNssKeysStoreGetCtx( store ) ; |
| + if( context == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , |
| + "xmlSecNssKeysStoreGetCtx" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return -1 ; |
| + } |
| + |
| + context->keyList = NULL ; |
| + context->slotList = NULL ; |
| + |
| + return 0 ; |
| } |
| |
| /** |
| - * xmlSecNssKeysStoreAdoptKey: |
| - * @store: the pointer to Nss keys store. |
| - * @key: the pointer to key. |
| - * |
| - * Adds @key to the @store. |
| * |
| - * Returns: 0 on success or a negative value if an error occurs. |
| + * xmlSecKeyStoreFinalizeMethod: |
| + * @store: the store. |
| + * |
| + * Keys store specific finalization (destroy) method. |
| */ |
| -int |
| -xmlSecNssKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) { |
| - xmlSecKeyStorePtr *ss; |
| - |
| - xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1); |
| - xmlSecAssert2((key != NULL), -1); |
| +void |
| +xmlSecNssKeysStoreFinalize( |
| + xmlSecKeyStorePtr store |
| +) { |
| + xmlSecNssKeysStoreCtxPtr context = NULL ; |
| + |
| + xmlSecAssert( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) ) ; |
| + xmlSecAssert( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) ) ; |
| + |
| + context = xmlSecNssKeysStoreGetCtx( store ) ; |
| + if( context == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , |
| + "xmlSecNssKeysStoreGetCtx" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return ; |
| + } |
| + |
| + if( context->keyList != NULL ) { |
| + xmlSecPtrListDestroy( context->keyList ) ; |
| + context->keyList = NULL ; |
| + } |
| + |
| + if( context->slotList != NULL ) { |
| + xmlSecPtrListDestroy( context->slotList ) ; |
| + context->slotList = NULL ; |
| + } |
| +} |
| + |
| +xmlSecKeyPtr |
| +xmlSecNssKeysStoreFindKeyFromSlot( |
| + PK11SlotInfo* slot, |
| + const xmlChar* name, |
| + xmlSecKeyInfoCtxPtr keyInfoCtx |
| +) { |
| + xmlSecKeyPtr key = NULL ; |
| + xmlSecKeyDataPtr data = NULL ; |
| + int length ; |
| + |
| + xmlSecAssert2( slot != NULL , NULL ) ; |
| + xmlSecAssert2( name != NULL , NULL ) ; |
| + xmlSecAssert2( keyInfoCtx != NULL , NULL ) ; |
| + |
| + if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSymmetric ) == xmlSecKeyDataTypeSymmetric ) { |
| + PK11SymKey* symKey ; |
| + PK11SymKey* curKey ; |
| + |
| + /* Find symmetric key from the slot by name */ |
| + symKey = PK11_ListFixedKeysInSlot( slot , ( char* )name , NULL ) ; |
| + for( curKey = symKey ; curKey != NULL ; curKey = PK11_GetNextSymKey( curKey ) ) { |
| + /* Check the key request */ |
| + length = PK11_GetKeyLength( curKey ) ; |
| + length *= 8 ; |
| + if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) && |
| + ( length > 0 ) && |
| + ( length < keyInfoCtx->keyReq.keyBitsSize ) ) |
| + continue ; |
| + |
| + /* We find a eligible key */ |
| + data = xmlSecNssSymKeyDataKeyAdopt( curKey ) ; |
| + if( data == NULL ) { |
| + /* Do nothing */ |
| + } |
| + break ; |
| + } |
| + |
| + /* Destroy the sym key list */ |
| + for( curKey = symKey ; curKey != NULL ; ) { |
| + symKey = curKey ; |
| + curKey = PK11_GetNextSymKey( symKey ) ; |
| + PK11_FreeSymKey( symKey ) ; |
| + } |
| + } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) { |
| + SECKEYPublicKeyList* pubKeyList ; |
| + SECKEYPublicKey* pubKey ; |
| + SECKEYPublicKeyListNode* curPub ; |
| + |
| + /* Find asymmetric key from the slot by name */ |
| + pubKeyList = PK11_ListPublicKeysInSlot( slot , ( char* )name ) ; |
| + pubKey = NULL ; |
| + curPub = PUBKEY_LIST_HEAD(pubKeyList); |
| + for( ; !PUBKEY_LIST_END(curPub, pubKeyList) ; curPub = PUBKEY_LIST_NEXT( curPub ) ) { |
| + /* Check the key request */ |
| + length = SECKEY_PublicKeyStrength( curPub->key ) ; |
| + length *= 8 ; |
| + if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) && |
| + ( length > 0 ) && |
| + ( length < keyInfoCtx->keyReq.keyBitsSize ) ) |
| + continue ; |
| + |
| + /* We find a eligible key */ |
| + pubKey = curPub->key ; |
| + break ; |
| + } |
| + |
| + if( pubKey != NULL ) { |
| + data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ; |
| + if( data == NULL ) { |
| + /* Do nothing */ |
| + } |
| + } |
| + |
| + /* Destroy the public key list */ |
| + SECKEY_DestroyPublicKeyList( pubKeyList ) ; |
| + } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) { |
| + SECKEYPrivateKeyList* priKeyList = NULL ; |
| + SECKEYPrivateKey* priKey = NULL ; |
| + SECKEYPrivateKeyListNode* curPri ; |
| + |
| + /* Find asymmetric key from the slot by name */ |
| + priKeyList = PK11_ListPrivKeysInSlot( slot , ( char* )name , NULL ) ; |
| + priKey = NULL ; |
| + curPri = PRIVKEY_LIST_HEAD(priKeyList); |
| + for( ; !PRIVKEY_LIST_END(curPri, priKeyList) ; curPri = PRIVKEY_LIST_NEXT( curPri ) ) { |
| + /* Check the key request */ |
| + length = PK11_SignatureLen( curPri->key ) ; |
| + length *= 8 ; |
| + if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) && |
| + ( length > 0 ) && |
| + ( length < keyInfoCtx->keyReq.keyBitsSize ) ) |
| + continue ; |
| + |
| + /* We find a eligible key */ |
| + priKey = curPri->key ; |
| + break ; |
| + } |
| + |
| + if( priKey != NULL ) { |
| + data = xmlSecNssPKIAdoptKey( priKey, NULL ) ; |
| + if( data == NULL ) { |
| + /* Do nothing */ |
| + } |
| + } |
| + |
| + /* Destroy the private key list */ |
| + SECKEY_DestroyPrivateKeyList( priKeyList ) ; |
| + } |
| + |
| + /* If we have gotten the key value */ |
| + if( data != NULL ) { |
| + if( ( key = xmlSecKeyCreate() ) == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "xmlSecKeyCreate" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + |
| + xmlSecKeyDataDestroy( data ) ; |
| + return NULL ; |
| + } |
| + |
| + if( xmlSecKeySetValue( key , data ) < 0 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "xmlSecKeySetValue" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + |
| + xmlSecKeyDestroy( key ) ; |
| + xmlSecKeyDataDestroy( data ) ; |
| + return NULL ; |
| + } |
| + } |
| |
| - ss = xmlSecNssKeysStoreGetSS(store); |
| - xmlSecAssert2(((ss != NULL) && (*ss != NULL) && |
| - (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1); |
| + return(key); |
| +} |
| + |
| +/** |
| + * xmlSecKeyStoreFindKeyMethod: |
| + * @store: the store. |
| + * @name: the desired key name. |
| + * @keyInfoCtx: the pointer to key info context. |
| + * |
| + * Keys store specific find method. The caller is responsible for destroying |
| + * the returned key using #xmlSecKeyDestroy method. |
| + * |
| + * Returns the pointer to a key or NULL if key is not found or an error occurs. |
| + */ |
| +static xmlSecKeyPtr |
| +xmlSecNssKeysStoreFindKey( |
| + xmlSecKeyStorePtr store , |
| + const xmlChar* name , |
| + xmlSecKeyInfoCtxPtr keyInfoCtx |
| +) { |
| + xmlSecNssKeysStoreCtxPtr context = NULL ; |
| + xmlSecKeyPtr key = NULL ; |
| + xmlSecNssKeySlotPtr keySlot = NULL ; |
| + xmlSecSize pos ; |
| + xmlSecSize size ; |
| + |
| + xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , NULL ) ; |
| + xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , NULL ) ; |
| + xmlSecAssert2( keyInfoCtx != NULL , NULL ) ; |
| + |
| + context = xmlSecNssKeysStoreGetCtx( store ) ; |
| + if( context == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , |
| + "xmlSecNssKeysStoreGetCtx" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return NULL ; |
| + } |
| + |
| + /*- |
| + * Look for key at keyList at first. |
| + */ |
| + if( context->keyList != NULL ) { |
| + size = xmlSecPtrListGetSize( context->keyList ) ; |
| + for( pos = 0 ; pos < size ; pos ++ ) { |
| + key = ( xmlSecKeyPtr )xmlSecPtrListGetItem( context->keyList , pos ) ; |
| + if( key != NULL && xmlSecKeyMatch( key , name , &( keyInfoCtx->keyReq ) ) ) { |
| + return xmlSecKeyDuplicate( key ) ; |
| + } |
| + } |
| + } |
| + |
| + /*- |
| + * Find the key from slotList |
| + */ |
| + if( context->slotList != NULL ) { |
| + PK11SlotInfo* slot = NULL ; |
| + |
| + size = xmlSecPtrListGetSize( context->slotList ) ; |
| + for( pos = 0 ; pos < size ; pos ++ ) { |
| + keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( context->slotList , pos ) ; |
| + slot = xmlSecNssKeySlotGetSlot( keySlot ) ; |
| + if( slot == NULL ) { |
| + continue ; |
| + } else { |
| + key = xmlSecNssKeysStoreFindKeyFromSlot( slot, name, keyInfoCtx ) ; |
| + if( key == NULL ) { |
| + continue ; |
| + } else { |
| + return( key ) ; |
| + } |
| + } |
| + } |
| + } |
| + |
| + /*- |
| + * Create a session key if we can not find the key from keyList and slotList |
| + */ |
| + if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSession ) == xmlSecKeyDataTypeSession ) { |
| + key = xmlSecKeyGenerate( keyInfoCtx->keyReq.keyId , keyInfoCtx->keyReq.keyBitsSize , xmlSecKeyDataTypeSession ) ; |
| + if( key == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , |
| + "xmlSecKeySetValue" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return NULL ; |
| + } |
| + |
| + return key ; |
| + } |
| + |
| + /** |
| + * We have no way to find the key any more. |
| + */ |
| + return NULL ; |
| +} |
| + |
| +static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = { |
| + sizeof( xmlSecKeyStoreKlass ) , |
| + xmlSecNssKeysStoreSize , |
| + BAD_CAST "implicit_nss_keys_store" , |
| + xmlSecNssKeysStoreInitialize , |
| + xmlSecNssKeysStoreFinalize , |
| + xmlSecNssKeysStoreFindKey , |
| + NULL , |
| + NULL |
| +} ; |
| |
| - return (xmlSecSimpleKeysStoreAdoptKey(*ss, key)); |
| +/** |
| + * xmlSecNssKeysStoreGetKlass: |
| + * |
| + * The simple list based keys store klass. |
| + * |
| + */ |
| +xmlSecKeyStoreId |
| +xmlSecNssKeysStoreGetKlass( void ) { |
| + return &xmlSecNssKeysStoreKlass ; |
| } |
| |
| +/************************** |
| + * Application routines |
| + */ |
| + |
| /** |
| * xmlSecNssKeysStoreLoad: |
| * @store: the pointer to Nss keys store. |
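Review bot: In xmlSecNssKeysStoreFindKeyFromSlot the key selected from an NSS list is handed to an adopt routine and the whole list is then released — the `PK11_FreeSymKey` loop, `SECKEY_DestroyPublicKeyList( pubKeyList )` and `SECKEY_DestroyPrivateKeyList( priKeyList )` — so unless xmlSecNssSymKeyDataKeyAdopt and xmlSecNssPKIAdoptKey take their own reference, the key data returned by this store holds a freed NSS handle; please confirm, and if they do not, take a reference (`PK11_ReferenceSymKey` / `SECKEY_CopyPublicKey` / `SECKEY_CopyPrivateKey`) before the list is destroyed. The list pointers are also used unchecked: `PUBKEY_LIST_HEAD(pubKeyList)` and `PRIVKEY_LIST_HEAD(priKeyList)` dereference them, and NSS can return NULL from these lookups, so the traversal and the destroy call should sit inside `if( pubKeyList != NULL )` / `if( priKeyList != NULL )`. The three `if( data == NULL ) { /* Do nothing */ }` blocks drop an adopt failure without a trace; an xmlSecError call there would make a silently missing key diagnosable. In xmlSecNssKeysStoreFindKey the session-key branch reports `"xmlSecKeySetValue"` when it is `xmlSecKeyGenerate` that failed. As a point of style, xmlSecNssKeysStoreGetCtx no longer checks the store size the way the removed GetSS macro did, so every `if( context == NULL )` branch is dead code; either make the macro return NULL on a size mismatch or drop the checks and rely on the xmlSecAssert2 above them.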
| @@ -252,234 +651,147 @@ |
| */ |
| int |
| xmlSecNssKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecKeyDataType type) { |
| - xmlSecKeyStorePtr *ss; |
| + xmlSecKeyInfoCtx keyInfoCtx; |
| + xmlSecNssKeysStoreCtxPtr context ; |
| + xmlSecPtrListPtr list; |
| + xmlSecKeyPtr key; |
| + xmlSecSize i, keysSize; |
| + xmlDocPtr doc; |
| + xmlNodePtr cur; |
| + xmlSecKeyDataPtr data; |
| + xmlSecPtrListPtr idsList; |
| + xmlSecKeyDataId dataId; |
| + xmlSecSize idsSize, j; |
| + int ret; |
| |
| xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1); |
| - xmlSecAssert2((filename != NULL), -1); |
| - |
| - ss = xmlSecNssKeysStoreGetSS(store); |
| - xmlSecAssert2(((ss != NULL) && (*ss != NULL) && |
| - (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1); |
| - |
| - return (xmlSecSimpleKeysStoreSave(*ss, filename, type)); |
| -} |
| - |
| -static int |
| -xmlSecNssKeysStoreInitialize(xmlSecKeyStorePtr store) { |
| - xmlSecKeyStorePtr *ss; |
| + xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ), -1 ) ; |
| + xmlSecAssert2(filename != NULL, -1); |
| |
| - xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1); |
| + context = xmlSecNssKeysStoreGetCtx( store ) ; |
| + xmlSecAssert2( context != NULL, -1 ); |
| |
| - ss = xmlSecNssKeysStoreGetSS(store); |
| - xmlSecAssert2((*ss == NULL), -1); |
| + list = context->keyList ; |
| + xmlSecAssert2( list != NULL, -1 ); |
| + xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyPtrListId), -1); |
| |
| - *ss = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId); |
| - if(*ss == NULL) { |
| - xmlSecError(XMLSEC_ERRORS_HERE, |
| + /* create doc */ |
| + doc = xmlSecCreateTree(BAD_CAST "Keys", xmlSecNs); |
| + if(doc == NULL) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), |
| - "xmlSecKeyStoreCreate", |
| + "xmlSecCreateTree", |
| XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| - "xmlSecSimpleKeysStoreId"); |
| + XMLSEC_ERRORS_NO_MESSAGE); |
| return(-1); |
| } |
| |
| - return(0); |
| -} |
| - |
| -static void |
| -xmlSecNssKeysStoreFinalize(xmlSecKeyStorePtr store) { |
| - xmlSecKeyStorePtr *ss; |
| - |
| - xmlSecAssert(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId)); |
| - |
| - ss = xmlSecNssKeysStoreGetSS(store); |
| - xmlSecAssert((ss != NULL) && (*ss != NULL)); |
| - |
| - xmlSecKeyStoreDestroy(*ss); |
| -} |
| - |
| -static xmlSecKeyPtr |
| -xmlSecNssKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name, |
| - xmlSecKeyInfoCtxPtr keyInfoCtx) { |
| - xmlSecKeyStorePtr* ss; |
| - xmlSecKeyPtr key = NULL; |
| - xmlSecKeyPtr retval = NULL; |
| - xmlSecKeyReqPtr keyReq = NULL; |
| - CERTCertificate *cert = NULL; |
| - SECKEYPublicKey *pubkey = NULL; |
| - SECKEYPrivateKey *privkey = NULL; |
| - xmlSecKeyDataPtr data = NULL; |
| - xmlSecKeyDataPtr x509Data = NULL; |
| - int ret; |
| - |
| - xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), NULL); |
| - xmlSecAssert2(keyInfoCtx != NULL, NULL); |
| - |
| - ss = xmlSecNssKeysStoreGetSS(store); |
| - xmlSecAssert2(((ss != NULL) && (*ss != NULL)), NULL); |
| - |
| - key = xmlSecKeyStoreFindKey(*ss, name, keyInfoCtx); |
| - if (key != NULL) { |
| - return (key); |
| - } |
| - |
| - /* Try to find the key in the NSS DB, and construct an xmlSecKey. |
| - * we must have a name to lookup keys in NSS DB. |
| - */ |
| - if (name == NULL) { |
| - goto done; |
| - } |
| + idsList = xmlSecKeyDataIdsGet(); |
| + xmlSecAssert2(idsList != NULL, -1); |
| |
| - /* what type of key are we looking for? |
| - * TBD: For now, we'll look only for public/private keys using the |
| - * name as a cert nickname. Later on, we can attempt to find |
| - * symmetric keys using PK11_FindFixedKey |
| - */ |
| - keyReq = &(keyInfoCtx->keyReq); |
| - if (keyReq->keyType & |
| - (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) { |
| - cert = CERT_FindCertByNickname (CERT_GetDefaultCertDB(), (char *)name); |
| - if (cert == NULL) { |
| - goto done; |
| - } |
| + keysSize = xmlSecPtrListGetSize(list); |
| + idsSize = xmlSecPtrListGetSize(idsList); |
| + for(i = 0; i < keysSize; ++i) { |
| + key = (xmlSecKeyPtr)xmlSecPtrListGetItem(list, i); |
| + xmlSecAssert2(key != NULL, -1); |
| |
| - if (keyReq->keyType & xmlSecKeyDataTypePublic) { |
| - pubkey = CERT_ExtractPublicKey(cert); |
| - if (pubkey == NULL) { |
| + cur = xmlSecAddChild(xmlDocGetRootElement(doc), xmlSecNodeKeyInfo, xmlSecDSigNs); |
| + if(cur == NULL) { |
| xmlSecError(XMLSEC_ERRORS_HERE, |
| - NULL, |
| - "CERT_ExtractPublicKey", |
| - XMLSEC_ERRORS_R_CRYPTO_FAILED, |
| - XMLSEC_ERRORS_NO_MESSAGE); |
| - goto done; |
| - } |
| + xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), |
| + "xmlSecAddChild", |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| + "node=%s", |
| + xmlSecErrorsSafeString(xmlSecNodeKeyInfo)); |
| + xmlFreeDoc(doc); |
| + return(-1); |
| } |
| |
| - if (keyReq->keyType & xmlSecKeyDataTypePrivate) { |
| - privkey = PK11_FindKeyByAnyCert(cert, NULL); |
| - if (privkey == NULL) { |
| + /* special data key name */ |
| + if(xmlSecKeyGetName(key) != NULL) { |
| + if(xmlSecAddChild(cur, xmlSecNodeKeyName, xmlSecDSigNs) == NULL) { |
| xmlSecError(XMLSEC_ERRORS_HERE, |
| - NULL, |
| - "PK11_FindKeyByAnyCert", |
| - XMLSEC_ERRORS_R_CRYPTO_FAILED, |
| - XMLSEC_ERRORS_NO_MESSAGE); |
| - goto done; |
| + xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), |
| + "xmlSecAddChild", |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| + "node=%s", |
| + xmlSecErrorsSafeString(xmlSecNodeKeyName)); |
| + xmlFreeDoc(doc); |
| + return(-1); |
| } |
| } |
| |
| - data = xmlSecNssPKIAdoptKey(privkey, pubkey); |
| - if(data == NULL) { |
| - xmlSecError(XMLSEC_ERRORS_HERE, |
| - NULL, |
| - "xmlSecNssPKIAdoptKey", |
| - XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| - XMLSEC_ERRORS_NO_MESSAGE); |
| - goto done; |
| - } |
| - privkey = NULL; |
| - pubkey = NULL; |
| - |
| - key = xmlSecKeyCreate(); |
| - if (key == NULL) { |
| - xmlSecError(XMLSEC_ERRORS_HERE, |
| - NULL, |
| - "xmlSecKeyCreate", |
| - XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| - XMLSEC_ERRORS_NO_MESSAGE); |
| - return (NULL); |
| - } |
| - |
| - x509Data = xmlSecKeyDataCreate(xmlSecNssKeyDataX509Id); |
| - if(x509Data == NULL) { |
| - xmlSecError(XMLSEC_ERRORS_HERE, |
| - NULL, |
| - "xmlSecKeyDataCreate", |
| - XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| - "transform=%s", |
| - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id))); |
| - goto done; |
| - } |
| + /* create nodes for other keys data */ |
| + for(j = 0; j < idsSize; ++j) { |
| + dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(idsList, j); |
| + xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, -1); |
| + |
| + if(dataId->dataNodeName == NULL) { |
| + continue; |
| + } |
| + |
| + data = xmlSecKeyGetData(key, dataId); |
| + if(data == NULL) { |
| + continue; |
| + } |
| |
| - ret = xmlSecNssKeyDataX509AdoptKeyCert(x509Data, cert); |
| - if (ret < 0) { |
| - xmlSecError(XMLSEC_ERRORS_HERE, |
| - NULL, |
| - "xmlSecNssKeyDataX509AdoptKeyCert", |
| - XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| - "data=%s", |
| - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); |
| - goto done; |
| - } |
| - cert = CERT_DupCertificate(cert); |
| - if (cert == NULL) { |
| - xmlSecError(XMLSEC_ERRORS_HERE, |
| - NULL, |
| - "CERT_DupCertificate", |
| - XMLSEC_ERRORS_R_CRYPTO_FAILED, |
| - "data=%s", |
| - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); |
| - goto done; |
| + if(xmlSecAddChild(cur, dataId->dataNodeName, dataId->dataNodeNs) == NULL) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), |
| + "xmlSecAddChild", |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| + "node=%s", |
| + xmlSecErrorsSafeString(dataId->dataNodeName)); |
| + xmlFreeDoc(doc); |
| + return(-1); |
| + } |
| } |
| |
| - ret = xmlSecNssKeyDataX509AdoptCert(x509Data, cert); |
| + ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL); |
| if (ret < 0) { |
| xmlSecError(XMLSEC_ERRORS_HERE, |
| - NULL, |
| - "xmlSecNssKeyDataX509AdoptCert", |
| + xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), |
| + "xmlSecKeyInfoCtxInitialize", |
| XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| - "data=%s", |
| - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); |
| - goto done; |
| + XMLSEC_ERRORS_NO_MESSAGE); |
| + xmlFreeDoc(doc); |
| + return(-1); |
| } |
| - cert = NULL; |
| |
| - ret = xmlSecKeySetValue(key, data); |
| - if (ret < 0) { |
| - xmlSecError(XMLSEC_ERRORS_HERE, |
| - NULL, |
| - "xmlSecKeySetValue", |
| - XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| - "data=%s", |
| - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data))); |
| - goto done; |
| - } |
| - data = NULL; |
| + keyInfoCtx.mode = xmlSecKeyInfoModeWrite; |
| + keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown; |
| + keyInfoCtx.keyReq.keyType = type; |
| + keyInfoCtx.keyReq.keyUsage = xmlSecKeyDataUsageAny; |
| |
| - ret = xmlSecKeyAdoptData(key, x509Data); |
| + /* finally write key in the node */ |
| + ret = xmlSecKeyInfoNodeWrite(cur, key, &keyInfoCtx); |
| if (ret < 0) { |
| xmlSecError(XMLSEC_ERRORS_HERE, |
| - NULL, |
| - "xmlSecKeyAdoptData", |
| + xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), |
| + "xmlSecKeyInfoNodeWrite", |
| XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| - "data=%s", |
| - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); |
| - goto done; |
| - } |
| - x509Data = NULL; |
| + XMLSEC_ERRORS_NO_MESSAGE); |
| + xmlSecKeyInfoCtxFinalize(&keyInfoCtx); |
| + xmlFreeDoc(doc); |
| + return(-1); |
| + } |
| |
| - retval = key; |
| - key = NULL; |
| + xmlSecKeyInfoCtxFinalize(&keyInfoCtx); |
| } |
| |
| -done: |
| - if (cert != NULL) { |
| - CERT_DestroyCertificate(cert); |
| - } |
| - if (pubkey != NULL) { |
| - SECKEY_DestroyPublicKey(pubkey); |
| - } |
| - if (privkey != NULL) { |
| - SECKEY_DestroyPrivateKey(privkey); |
| - } |
| - if (data != NULL) { |
| - xmlSecKeyDataDestroy(data); |
| - } |
| - if (x509Data != NULL) { |
| - xmlSecKeyDataDestroy(x509Data); |
| - } |
| - if (key != NULL) { |
| - xmlSecKeyDestroy(key); |
| + /* now write result */ |
| + ret = xmlSaveFormatFile(filename, doc, 1); |
| + if (ret < 0) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), |
| + "xmlSaveFormatFile", |
| + XMLSEC_ERRORS_R_XML_FAILED, |
| + "filename=%s", |
| + xmlSecErrorsSafeString(filename)); |
| + xmlFreeDoc(doc); |
| + return(-1); |
| } |
| |
| - return (retval); |
| + xmlFreeDoc(doc); |
| + return(0); |
| } |
| --- misc/xmlsec1-1.2.14/src/nss/keywrapers.c 2009-09-21 14:07:19.223802688 +0200 |
| +++ misc/build/xmlsec1-1.2.14/src/nss/keywrapers.c 2009-09-21 14:02:48.548869372 +0200 |
| @@ -1 +1,1213 @@ |
| -dummy |
| +/** |
| + * |
| + * XMLSec library |
| + * |
| + * AES Algorithm support |
| + * |
| + * This is free software; see Copyright file in the source |
| + * distribution for preciese wording. |
| + * |
| + * Copyright ................................. |
| + */ |
| +#include "globals.h" |
| + |
| +#include <stdlib.h> |
| +#include <stdio.h> |
| +#include <string.h> |
| + |
| +#include <nss.h> |
| +#include <pk11func.h> |
| +#include <hasht.h> |
| + |
| +#include <xmlsec/xmlsec.h> |
| +#include <xmlsec/xmltree.h> |
| +#include <xmlsec/keys.h> |
| +#include <xmlsec/transforms.h> |
| +#include <xmlsec/errors.h> |
| + |
| +#include <xmlsec/nss/crypto.h> |
| +#include <xmlsec/nss/ciphers.h> |
| + |
| +#define XMLSEC_NSS_AES128_KEY_SIZE 16 |
| +#define XMLSEC_NSS_AES192_KEY_SIZE 24 |
| +#define XMLSEC_NSS_AES256_KEY_SIZE 32 |
| +#define XMLSEC_NSS_DES3_KEY_SIZE 24 |
| +#define XMLSEC_NSS_DES3_KEY_LENGTH 24 |
| +#define XMLSEC_NSS_DES3_IV_LENGTH 8 |
| +#define XMLSEC_NSS_DES3_BLOCK_LENGTH 8 |
| + |
| +static xmlSecByte xmlSecNssKWDes3Iv[XMLSEC_NSS_DES3_IV_LENGTH] = { |
| + 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05 |
| +}; |
| + |
| +/********************************************************************* |
| + * |
| + * key wrap transforms |
| + * |
| + ********************************************************************/ |
| +typedef struct _xmlSecNssKeyWrapCtx xmlSecNssKeyWrapCtx ; |
| +typedef struct _xmlSecNssKeyWrapCtx* xmlSecNssKeyWrapCtxPtr ; |
| + |
| +#define xmlSecNssKeyWrapSize \ |
| + ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyWrapCtx ) ) |
| + |
| +#define xmlSecNssKeyWrapGetCtx( transform ) \ |
| + ( ( xmlSecNssKeyWrapCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) ) |
| + |
| +struct _xmlSecNssKeyWrapCtx { |
| + CK_MECHANISM_TYPE cipher ; |
| + PK11SymKey* symkey ; |
| + xmlSecKeyDataId keyId ; |
| + xmlSecBufferPtr material ; /* to be encrypted/decrypted key material */ |
| +} ; |
| + |
| +static int xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform); |
| +static void xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform); |
| +static int xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform, |
| + xmlSecKeyReqPtr keyReq); |
| +static int xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform, |
| + xmlSecKeyPtr key); |
| +static int xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform, |
| + int last, |
| + xmlSecTransformCtxPtr transformCtx); |
| +static xmlSecSize xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform); |
| + |
| +static int |
| +xmlSecNssKeyWrapCheckId( |
| + xmlSecTransformPtr transform |
| +) { |
| + #ifndef XMLSEC_NO_DES |
| + if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) { |
| + return(1); |
| + } |
| + #endif /* XMLSEC_NO_DES */ |
| + |
| + #ifndef XMLSEC_NO_AES |
| + if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes128Id ) || |
| + xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes192Id ) || |
| + xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes256Id ) ) { |
| + |
| + return(1); |
| + } |
| + #endif /* XMLSEC_NO_AES */ |
| + |
| + return(0); |
| +} |
| + |
| +static xmlSecSize |
| +xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform) { |
| +#ifndef XMLSEC_NO_DES |
| + if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) { |
| + return(XMLSEC_NSS_DES3_KEY_SIZE); |
| + } else |
| +#endif /* XMLSEC_NO_DES */ |
| + |
| +#ifndef XMLSEC_NO_AES |
| + if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes128Id)) { |
| + return(XMLSEC_NSS_AES128_KEY_SIZE); |
| + } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes192Id)) { |
| + return(XMLSEC_NSS_AES192_KEY_SIZE); |
| + } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) { |
| + return(XMLSEC_NSS_AES256_KEY_SIZE); |
| + } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) { |
| + return(XMLSEC_NSS_AES256_KEY_SIZE); |
| + } else |
| +#endif /* XMLSEC_NO_AES */ |
| + |
| + if(1) |
| + return(0); |
| +} |
| + |
| + |
| +static int |
| +xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform) { |
| + xmlSecNssKeyWrapCtxPtr context ; |
| + int ret; |
| + |
| + xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1); |
| + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1); |
| + |
| + context = xmlSecNssKeyWrapGetCtx( transform ) ; |
| + xmlSecAssert2( context != NULL , -1 ) ; |
| + |
| + #ifndef XMLSEC_NO_DES |
| + if( transform->id == xmlSecNssTransformKWDes3Id ) { |
| + context->cipher = CKM_DES3_CBC ; |
| + context->keyId = xmlSecNssKeyDataDesId ; |
| + } else |
| + #endif /* XMLSEC_NO_DES */ |
| + |
| + #ifndef XMLSEC_NO_AES |
| + if( transform->id == xmlSecNssTransformKWAes128Id ) { |
| + /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/ |
| + context->cipher = CKM_AES_CBC ; |
| + context->keyId = xmlSecNssKeyDataAesId ; |
| + } else |
| + if( transform->id == xmlSecNssTransformKWAes192Id ) { |
| + /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/ |
| + context->cipher = CKM_AES_CBC ; |
| + context->keyId = xmlSecNssKeyDataAesId ; |
| + } else |
| + if( transform->id == xmlSecNssTransformKWAes256Id ) { |
| + /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/ |
| + context->cipher = CKM_AES_CBC ; |
| + context->keyId = xmlSecNssKeyDataAesId ; |
| + } else |
| + #endif /* XMLSEC_NO_AES */ |
| + |
| + |
| + if( 1 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), |
| + NULL , |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return(-1); |
| + } |
| + |
| + context->symkey = NULL ; |
| + context->material = NULL ; |
| + |
| + return(0); |
| +} |
| + |
| +static void |
| +xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform) { |
| + xmlSecNssKeyWrapCtxPtr context ; |
| + |
| + xmlSecAssert(xmlSecNssKeyWrapCheckId(transform)); |
| + xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize)); |
| + |
| + context = xmlSecNssKeyWrapGetCtx( transform ) ; |
| + xmlSecAssert( context != NULL ) ; |
| + |
| + if( context->symkey != NULL ) { |
| + PK11_FreeSymKey( context->symkey ) ; |
| + context->symkey = NULL ; |
| + } |
| + |
| + if( context->material != NULL ) { |
| + xmlSecBufferDestroy(context->material); |
| + context->material = NULL ; |
| + } |
| +} |
| + |
| +static int |
| +xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) { |
| + xmlSecNssKeyWrapCtxPtr context ; |
| + xmlSecSize cipherSize = 0 ; |
| + |
| + |
| + xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1); |
| + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1); |
| + xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); |
| + xmlSecAssert2(keyReq != NULL, -1); |
| + |
| + context = xmlSecNssKeyWrapGetCtx( transform ) ; |
| + xmlSecAssert2( context != NULL , -1 ) ; |
| + |
| + keyReq->keyId = context->keyId; |
| + keyReq->keyType = xmlSecKeyDataTypeSymmetric; |
| + if(transform->operation == xmlSecTransformOperationEncrypt) { |
| + keyReq->keyUsage = xmlSecKeyUsageEncrypt; |
| + } else { |
| + keyReq->keyUsage = xmlSecKeyUsageDecrypt; |
| + } |
| + |
| + keyReq->keyBitsSize = xmlSecNssKeyWrapGetKeySize( transform ) ; |
| + |
| + return(0); |
| +} |
| + |
| +static int |
| +xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { |
| + xmlSecNssKeyWrapCtxPtr context = NULL ; |
| + xmlSecKeyDataPtr keyData = NULL ; |
| + PK11SymKey* symkey = NULL ; |
| + |
| + xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1); |
| + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1); |
| + xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); |
| + xmlSecAssert2(key != NULL, -1); |
| + |
| + context = xmlSecNssKeyWrapGetCtx( transform ) ; |
| + if( context == NULL || context->keyId == NULL || context->symkey != NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , |
| + "xmlSecNssKeyWrapGetCtx" , |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return(-1); |
| + } |
| + xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ; |
| + |
| + keyData = xmlSecKeyGetValue( key ) ; |
| + if( keyData == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) , |
| + "xmlSecKeyGetValue" , |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return(-1); |
| + } |
| + |
| + if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) , |
| + "xmlSecNssSymKeyDataGetKey" , |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return(-1); |
| + } |
| + |
| + context->symkey = symkey ; |
| + |
| + return(0) ; |
| +} |
| + |
| +/** |
| + * key wrap transform |
| + */ |
| +static int |
| +xmlSecNssKeyWrapCtxInit( |
| + xmlSecNssKeyWrapCtxPtr ctx , |
| + xmlSecBufferPtr in , |
| + xmlSecBufferPtr out , |
| + int encrypt , |
| + xmlSecTransformCtxPtr transformCtx |
| +) { |
| + xmlSecSize blockSize ; |
| + |
| + xmlSecAssert2( ctx != NULL , -1 ) ; |
| + xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; |
| + xmlSecAssert2( ctx->symkey != NULL , -1 ) ; |
| + xmlSecAssert2( ctx->keyId != NULL , -1 ) ; |
| + xmlSecAssert2( in != NULL , -1 ) ; |
| + xmlSecAssert2( out != NULL , -1 ) ; |
| + xmlSecAssert2( transformCtx != NULL , -1 ) ; |
| + |
| + if( ctx->material != NULL ) { |
| + xmlSecBufferDestroy( ctx->material ) ; |
| + ctx->material = NULL ; |
| + } |
| + |
| + if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "PK11_GetBlockSize" , |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return(-1); |
| + } |
| + |
| + ctx->material = xmlSecBufferCreate( blockSize ) ; |
| + if( ctx->material == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "xmlSecBufferCreate" , |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return(-1); |
| + } |
| + |
| + /* read raw key material into context */ |
| + if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "xmlSecBufferSetData" , |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return(-1); |
| + } |
| + |
| + if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "xmlSecBufferRemoveHead" , |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return(-1); |
| + } |
| + |
| + return(0); |
| +} |
| + |
| +/** |
| + * key wrap transform update |
| + */ |
| +static int |
| +xmlSecNssKeyWrapCtxUpdate( |
| + xmlSecNssKeyWrapCtxPtr ctx , |
| + xmlSecBufferPtr in , |
| + xmlSecBufferPtr out , |
| + int encrypt , |
| + xmlSecTransformCtxPtr transformCtx |
| +) { |
| + xmlSecAssert2( ctx != NULL , -1 ) ; |
| + xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; |
| + xmlSecAssert2( ctx->symkey != NULL , -1 ) ; |
| + xmlSecAssert2( ctx->keyId != NULL , -1 ) ; |
| + xmlSecAssert2( ctx->material != NULL , -1 ) ; |
| + xmlSecAssert2( in != NULL , -1 ) ; |
| + xmlSecAssert2( out != NULL , -1 ) ; |
| + xmlSecAssert2( transformCtx != NULL , -1 ) ; |
| + |
| + /* read raw key material and append into context */ |
| + if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "xmlSecBufferAppend" , |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return(-1); |
| + } |
| + |
| + if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "xmlSecBufferRemoveHead" , |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return(-1); |
| + } |
| + |
| + return(0); |
| +} |
| + |
| +static int |
| +xmlSecNssKWDes3BufferReverse(xmlSecByte *buf, xmlSecSize size) { |
| + xmlSecSize s; |
| + xmlSecSize i; |
| + xmlSecByte c; |
| + |
| + xmlSecAssert2(buf != NULL, -1); |
| + |
| + s = size / 2; |
| + --size; |
| + for(i = 0; i < s; ++i) { |
| + c = buf[i]; |
| + buf[i] = buf[size - i]; |
| + buf[size - i] = c; |
| + } |
| + return(0); |
| +} |
| + |
| +static xmlSecByte * |
| +xmlSecNssComputeSHA1(const xmlSecByte *in, xmlSecSize inSize, |
| + xmlSecByte *out, xmlSecSize outSize) |
| +{ |
| + PK11Context *context = NULL; |
| + SECStatus s; |
| + xmlSecByte *digest = NULL; |
| + unsigned int len; |
| + |
| + xmlSecAssert2(in != NULL, NULL); |
| + xmlSecAssert2(out != NULL, NULL); |
| + xmlSecAssert2(outSize >= SHA1_LENGTH, NULL); |
| + |
| + /* Create a context for hashing (digesting) */ |
| + context = PK11_CreateDigestContext(SEC_OID_SHA1); |
| + if (context == NULL) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + NULL, |
| + "PK11_CreateDigestContext", |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED, |
| + "error code = %d", PORT_GetError()); |
| + goto done; |
| + } |
| + |
| + s = PK11_DigestBegin(context); |
| + if (s != SECSuccess) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + NULL, |
| + "PK11_DigestBegin", |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED, |
| + "error code = %d", PORT_GetError()); |
| + goto done; |
| + } |
| + |
| + s = PK11_DigestOp(context, in, inSize); |
| + if (s != SECSuccess) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + NULL, |
| + "PK11_DigestOp", |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED, |
| + "error code = %d", PORT_GetError()); |
| + goto done; |
| + } |
| + |
| + s = PK11_DigestFinal(context, out, &len, outSize); |
| + if (s != SECSuccess) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + NULL, |
| + "PK11_DigestFinal", |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED, |
| + "error code = %d", PORT_GetError()); |
| + goto done; |
| + } |
| + xmlSecAssert2(len == SHA1_LENGTH, NULL); |
| + |
| + digest = out; |
| + |
| +done: |
| + if (context != NULL) { |
| + PK11_DestroyContext(context, PR_TRUE); |
| + } |
| + return (digest); |
| +} |
| + |
| +static int |
| +xmlSecNssKWDes3Encrypt( |
| + PK11SymKey* symKey , |
| + CK_MECHANISM_TYPE cipherMech , |
| + const xmlSecByte* iv , |
| + xmlSecSize ivSize , |
| + const xmlSecByte* in , |
| + xmlSecSize inSize , |
| + xmlSecByte* out , |
| + xmlSecSize outSize , |
| + int enc |
| +) { |
| + PK11Context* EncContext = NULL; |
| + SECItem ivItem ; |
| + SECItem* secParam = NULL ; |
| + int tmp1_outlen; |
| + unsigned int tmp2_outlen; |
| + int result_len = -1; |
| + SECStatus rv; |
| + |
| + xmlSecAssert2( cipherMech != CKM_INVALID_MECHANISM , -1 ) ; |
| + xmlSecAssert2( symKey != NULL , -1 ) ; |
| + xmlSecAssert2(iv != NULL, -1); |
| + xmlSecAssert2(ivSize == XMLSEC_NSS_DES3_IV_LENGTH, -1); |
| + xmlSecAssert2(in != NULL, -1); |
| + xmlSecAssert2(inSize > 0, -1); |
| + xmlSecAssert2(out != NULL, -1); |
| + xmlSecAssert2(outSize >= inSize, -1); |
| + |
| + /* Prepare IV */ |
| + ivItem.data = ( unsigned char* )iv ; |
| + ivItem.len = ivSize ; |
| + |
| + secParam = PK11_ParamFromIV(cipherMech, &ivItem); |
| + if (secParam == NULL) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + NULL, |
| + "PK11_ParamFromIV", |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED, |
| + "Error code = %d", PORT_GetError()); |
| + goto done; |
| + } |
| + |
| + EncContext = PK11_CreateContextBySymKey(cipherMech, |
| + enc ? CKA_ENCRYPT : CKA_DECRYPT, |
| + symKey, secParam); |
| + if (EncContext == NULL) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + NULL, |
| + "PK11_CreateContextBySymKey", |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED, |
| + "Error code = %d", PORT_GetError()); |
| + goto done; |
| + } |
| + |
| + tmp1_outlen = tmp2_outlen = 0; |
| + rv = PK11_CipherOp(EncContext, out, &tmp1_outlen, outSize, |
| + (unsigned char *)in, inSize); |
| + if (rv != SECSuccess) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + NULL, |
| + "PK11_CipherOp", |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED, |
| + "Error code = %d", PORT_GetError()); |
| + goto done; |
| + } |
| + |
| + rv = PK11_DigestFinal(EncContext, out+tmp1_outlen, |
| + &tmp2_outlen, outSize-tmp1_outlen); |
| + if (rv != SECSuccess) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + NULL, |
| + "PK11_DigestFinal", |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED, |
| + "Error code = %d", PORT_GetError()); |
| + goto done; |
| + } |
| + |
| + result_len = tmp1_outlen + tmp2_outlen; |
| + |
| +done: |
| + if (secParam) { |
| + SECITEM_FreeItem(secParam, PR_TRUE); |
| + } |
| + if (EncContext) { |
| + PK11_DestroyContext(EncContext, PR_TRUE); |
| + } |
| + |
| + return(result_len); |
| +} |
| + |
| +static int |
| +xmlSecNssKeyWrapDesOp( |
| + xmlSecNssKeyWrapCtxPtr ctx , |
| + int encrypt , |
| + xmlSecBufferPtr result |
| +) { |
| + xmlSecByte sha1[SHA1_LENGTH]; |
| + xmlSecByte iv[XMLSEC_NSS_DES3_IV_LENGTH]; |
| + xmlSecByte* in; |
| + xmlSecSize inSize; |
| + xmlSecByte* out; |
| + xmlSecSize outSize; |
| + xmlSecSize s; |
| + int ret; |
| + SECStatus status; |
| + |
| + xmlSecAssert2( ctx != NULL , -1 ) ; |
| + xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; |
| + xmlSecAssert2( ctx->symkey != NULL , -1 ) ; |
| + xmlSecAssert2( ctx->keyId != NULL , -1 ) ; |
| + xmlSecAssert2( ctx->material != NULL , -1 ) ; |
| + xmlSecAssert2( result != NULL , -1 ) ; |
| + |
| + in = xmlSecBufferGetData(ctx->material); |
| + inSize = xmlSecBufferGetSize(ctx->material) ; |
| + out = xmlSecBufferGetData(result); |
| + outSize = xmlSecBufferGetMaxSize(result) ; |
| + if( encrypt ) { |
| + /* step 2: calculate sha1 and CMS */ |
| + if(xmlSecNssComputeSHA1(in, inSize, sha1, SHA1_LENGTH) == NULL) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + NULL, |
| + "xmlSecNssComputeSHA1", |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED, |
| + XMLSEC_ERRORS_NO_MESSAGE); |
| + return(-1); |
| + } |
| + |
| + /* step 3: construct WKCKS */ |
| + memcpy(out, in, inSize); |
| + memcpy(out + inSize, sha1, XMLSEC_NSS_DES3_BLOCK_LENGTH); |
| + |
| + /* step 4: generate random iv */ |
| + status = PK11_GenerateRandom(iv, XMLSEC_NSS_DES3_IV_LENGTH); |
| + if(status != SECSuccess) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + NULL, |
| + "PK11_GenerateRandom", |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED, |
| + "error code = %d", PORT_GetError()); |
| + return(-1); |
| + } |
| + |
| + /* step 5: first encryption, result is TEMP1 */ |
| + ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, |
| + iv, XMLSEC_NSS_DES3_IV_LENGTH, |
| + out, inSize + XMLSEC_NSS_DES3_IV_LENGTH, |
| + out, outSize, 1); |
| + if(ret < 0) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + NULL, |
| + "xmlSecNssKWDes3Encrypt", |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| + XMLSEC_ERRORS_NO_MESSAGE); |
| + return(-1); |
| + } |
| + |
| + /* step 6: construct TEMP2=IV || TEMP1 */ |
| + memmove(out + XMLSEC_NSS_DES3_IV_LENGTH, out, |
| + inSize + XMLSEC_NSS_DES3_IV_LENGTH); |
| + memcpy(out, iv, XMLSEC_NSS_DES3_IV_LENGTH); |
| + s = ret + XMLSEC_NSS_DES3_IV_LENGTH; |
| + |
| + /* step 7: reverse octets order, result is TEMP3 */ |
| + ret = xmlSecNssKWDes3BufferReverse(out, s); |
| + if(ret < 0) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + NULL, |
| + "xmlSecNssKWDes3BufferReverse", |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| + XMLSEC_ERRORS_NO_MESSAGE); |
| + return(-1); |
| + } |
| + |
| + /* step 8: second encryption with static IV */ |
| + ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, |
| + xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH, |
| + out, s, |
| + out, outSize, 1); |
| + if(ret < 0) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + NULL, |
| + "xmlSecNssKWDes3Encrypt", |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| + XMLSEC_ERRORS_NO_MESSAGE); |
| + return(-1); |
| + } |
| + s = ret; |
| + |
| + if( xmlSecBufferSetSize( result , s ) < 0 ) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + NULL, |
| + "xmlSecBufferSetSize", |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| + XMLSEC_ERRORS_NO_MESSAGE); |
| + return(-1); |
| + } |
| + } else { |
| + /* step 2: first decryption with static IV, result is TEMP3 */ |
| + ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, |
| + xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH, |
| + in, inSize, |
| + out, outSize, 0); |
| + if((ret < 0) || (ret < XMLSEC_NSS_DES3_IV_LENGTH)) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + NULL, |
| + "xmlSecNssKWDes3Encrypt", |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| + XMLSEC_ERRORS_NO_MESSAGE); |
| + return(-1); |
| + } |
| + s = ret; |
| + |
| + /* step 3: reverse octets order in TEMP3, result is TEMP2 */ |
| + ret = xmlSecNssKWDes3BufferReverse(out, s); |
| + if(ret < 0) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + NULL, |
| + "xmlSecNssKWDes3BufferReverse", |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| + XMLSEC_ERRORS_NO_MESSAGE); |
| + return(-1); |
| + } |
| + |
| + /* steps 4 and 5: get IV and decrypt second time, result is WKCKS */ |
| + ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, |
| + out, XMLSEC_NSS_DES3_IV_LENGTH, |
| + out+XMLSEC_NSS_DES3_IV_LENGTH, s-XMLSEC_NSS_DES3_IV_LENGTH, |
| + out, outSize, 0); |
| + if((ret < 0) || (ret < XMLSEC_NSS_DES3_BLOCK_LENGTH)) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + NULL, |
| + "xmlSecNssKWDes3Encrypt", |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| + XMLSEC_ERRORS_NO_MESSAGE); |
| + return(-1); |
| + } |
| + s = ret - XMLSEC_NSS_DES3_IV_LENGTH; |
| + |
| + /* steps 6 and 7: calculate SHA1 and validate it */ |
| + if(xmlSecNssComputeSHA1(out, s, sha1, SHA1_LENGTH) == NULL) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + NULL, |
| + "xmlSecNssComputeSHA1", |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED, |
| + XMLSEC_ERRORS_NO_MESSAGE); |
| + return(-1); |
| + } |
| + |
| + if(memcmp(sha1, out + s, XMLSEC_NSS_DES3_BLOCK_LENGTH) != 0) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + NULL, |
| + NULL, |
| + XMLSEC_ERRORS_R_INVALID_DATA, |
| + "SHA1 does not match"); |
| + return(-1); |
| + } |
| + |
| + if( xmlSecBufferSetSize( result , s ) < 0 ) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + NULL, |
| + "xmlSecBufferSetSize", |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| + XMLSEC_ERRORS_NO_MESSAGE); |
| + return(-1); |
| + } |
| + } |
| + |
| + return(0); |
| +} |
| + |
| +static int |
| +xmlSecNssKeyWrapAesOp( |
| + xmlSecNssKeyWrapCtxPtr ctx , |
| + int encrypt , |
| + xmlSecBufferPtr result |
| +) { |
| + PK11Context* cipherCtx = NULL; |
| + SECItem ivItem ; |
| + SECItem* secParam = NULL ; |
| + xmlSecSize inSize ; |
| + xmlSecSize inBlocks ; |
| + int blockSize ; |
| + int midSize ; |
| + int finSize ; |
| + xmlSecByte* out ; |
| + xmlSecSize outSize; |
| + |
| + xmlSecAssert2( ctx != NULL , -1 ) ; |
| + xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; |
| + xmlSecAssert2( ctx->symkey != NULL , -1 ) ; |
| + xmlSecAssert2( ctx->keyId != NULL , -1 ) ; |
| + xmlSecAssert2( ctx->material != NULL , -1 ) ; |
| + xmlSecAssert2( result != NULL , -1 ) ; |
| + |
| + /* Do not set any IV */ |
| + memset(&ivItem, 0, sizeof(ivItem)); |
| + |
| + /* Get block size */ |
| + if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "PK11_GetBlockSize" , |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return(-1); |
| + } |
| + |
| + inSize = xmlSecBufferGetSize( ctx->material ) ; |
| + if( xmlSecBufferSetMaxSize( result , inSize + blockSize ) < 0 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "xmlSecBufferSetMaxSize" , |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return(-1); |
| + } |
| + |
| + /* Get Param for context initialization */ |
| + if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "PK11_ParamFromIV" , |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return(-1); |
| + } |
| + |
| + cipherCtx = PK11_CreateContextBySymKey( ctx->cipher , encrypt ? CKA_ENCRYPT : CKA_DECRYPT , ctx->symkey , secParam ) ; |
| + if( cipherCtx == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "PK11_CreateContextBySymKey" , |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + SECITEM_FreeItem( secParam , PR_TRUE ) ; |
| + return(-1); |
| + } |
| + |
| + out = xmlSecBufferGetData(result) ; |
| + outSize = xmlSecBufferGetMaxSize(result) ; |
| + if( PK11_CipherOp( cipherCtx , out, &midSize , outSize , xmlSecBufferGetData( ctx->material ) , inSize ) != SECSuccess ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "PK11_CipherOp" , |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return(-1); |
| + } |
| + |
| + if( PK11_DigestFinal( cipherCtx , out + midSize , &finSize , outSize - midSize ) != SECSuccess ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "PK11_DigestFinal" , |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return(-1); |
| + } |
| + |
| + if( xmlSecBufferSetSize( result , midSize + finSize ) < 0 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "xmlSecBufferSetSize" , |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return(-1); |
| + } |
| + |
| + return 0 ; |
| +} |
| + |
| +/** |
| + * Block cipher transform final |
| + */ |
| +static int |
| +xmlSecNssKeyWrapCtxFinal( |
| + xmlSecNssKeyWrapCtxPtr ctx , |
| + xmlSecBufferPtr in , |
| + xmlSecBufferPtr out , |
| + int encrypt , |
| + xmlSecTransformCtxPtr transformCtx |
| +) { |
| + PK11SymKey* targetKey ; |
| + xmlSecSize blockSize ; |
| + xmlSecBufferPtr result ; |
| + |
| + xmlSecAssert2( ctx != NULL , -1 ) ; |
| + xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; |
| + xmlSecAssert2( ctx->symkey != NULL , -1 ) ; |
| + xmlSecAssert2( ctx->keyId != NULL , -1 ) ; |
| + xmlSecAssert2( ctx->material != NULL , -1 ) ; |
| + xmlSecAssert2( in != NULL , -1 ) ; |
| + xmlSecAssert2( out != NULL , -1 ) ; |
| + xmlSecAssert2( transformCtx != NULL , -1 ) ; |
| + |
| + /* read raw key material and append into context */ |
| + if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "xmlSecBufferAppend" , |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return(-1); |
| + } |
| + |
| + if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "xmlSecBufferRemoveHead" , |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return(-1); |
| + } |
| + |
| + /* Now we get all of the key materail */ |
| + /* from now on we will wrap or unwrap the key */ |
| + if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "PK11_GetBlockSize" , |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return(-1); |
| + } |
| + |
| + result = xmlSecBufferCreate( blockSize ) ; |
| + if( result == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "xmlSecBufferCreate" , |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return(-1); |
| + } |
| + |
| + switch( ctx->cipher ) { |
| + case CKM_DES3_CBC : |
| + if( xmlSecNssKeyWrapDesOp(ctx, encrypt, result) < 0 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "xmlSecNssKeyWrapDesOp" , |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + xmlSecBufferDestroy(result); |
| + return(-1); |
| + } |
| + break ; |
| + /* case CKM_NETSCAPE_AES_KEY_WRAP :*/ |
| + case CKM_AES_CBC : |
| + if( xmlSecNssKeyWrapAesOp(ctx, encrypt, result) < 0 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "xmlSecNssKeyWrapAesOp" , |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + xmlSecBufferDestroy(result); |
| + return(-1); |
| + } |
| + break ; |
| + } |
| + |
| + /* Write output */ |
| + if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "xmlSecBufferAppend" , |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + xmlSecBufferDestroy(result); |
| + return(-1); |
| + } |
| + xmlSecBufferDestroy(result); |
| + |
| + return(0); |
| +} |
| + |
| +static int |
| +xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { |
| + xmlSecNssKeyWrapCtxPtr context = NULL ; |
| + xmlSecBufferPtr inBuf, outBuf ; |
| + int operation ; |
| + int rtv ; |
| + |
| + xmlSecAssert2( xmlSecNssKeyWrapCheckId( transform ), -1 ) ; |
| + xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyWrapSize ), -1 ) ; |
| + xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; |
| + xmlSecAssert2( transformCtx != NULL , -1 ) ; |
| + |
| + context = xmlSecNssKeyWrapGetCtx( transform ) ; |
| + if( context == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , |
| + "xmlSecNssKeyWrapGetCtx" , |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return(-1); |
| + } |
| + |
| + inBuf = &( transform->inBuf ) ; |
| + outBuf = &( transform->outBuf ) ; |
| + |
| + if( transform->status == xmlSecTransformStatusNone ) { |
| + transform->status = xmlSecTransformStatusWorking ; |
| + } |
| + |
| + operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ; |
| + if( transform->status == xmlSecTransformStatusWorking ) { |
| + if( context->material == NULL ) { |
| + rtv = xmlSecNssKeyWrapCtxInit( context, inBuf , outBuf , operation , transformCtx ) ; |
| + if( rtv < 0 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , |
| + "xmlSecNssKeyWrapCtxInit" , |
| + XMLSEC_ERRORS_R_INVALID_STATUS , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return(-1); |
| + } |
| + } |
| + |
| + if( context->material == NULL && last != 0 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , |
| + NULL , |
| + XMLSEC_ERRORS_R_INVALID_STATUS , |
| + "No enough data to intialize transform" ) ; |
| + return(-1); |
| + } |
| + |
| + if( context->material != NULL ) { |
| + rtv = xmlSecNssKeyWrapCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ; |
| + if( rtv < 0 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , |
| + "xmlSecNssKeyWrapCtxUpdate" , |
| + XMLSEC_ERRORS_R_INVALID_STATUS , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return(-1); |
| + } |
| + } |
| + |
| + if( last ) { |
| + rtv = xmlSecNssKeyWrapCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ; |
| + if( rtv < 0 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , |
| + "xmlSecNssKeyWrapCtxFinal" , |
| + XMLSEC_ERRORS_R_INVALID_STATUS , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return(-1); |
| + } |
| + transform->status = xmlSecTransformStatusFinished ; |
| + } |
| + } else if( transform->status == xmlSecTransformStatusFinished ) { |
| + if( xmlSecBufferGetSize( inBuf ) != 0 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , |
| + NULL , |
| + XMLSEC_ERRORS_R_INVALID_STATUS , |
| + "status=%d", transform->status ) ; |
| + return(-1); |
| + } |
| + } else { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , |
| + NULL , |
| + XMLSEC_ERRORS_R_INVALID_STATUS , |
| + "status=%d", transform->status ) ; |
| + return(-1); |
| + } |
| + |
| + return(0); |
| +} |
| + |
| +#ifndef XMLSEC_NO_AES |
| + |
| + |
| +#ifdef __MINGW32__ // for runtime-pseudo-reloc |
| +static struct _xmlSecTransformKlass xmlSecNssKWAes128Klass = { |
| +#else |
| +static xmlSecTransformKlass xmlSecNssKWAes128Klass = { |
| +#endif |
| + /* klass/object sizes */ |
| + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ |
| + xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ |
| + |
| + xmlSecNameKWAes128, /* const xmlChar* name; */ |
| + xmlSecHrefKWAes128, /* const xmlChar* href; */ |
| + xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ |
| + |
| + xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ |
| + xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ |
| + NULL, /* xmlSecTransformNodeReadMethod readNode; */ |
| + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ |
| + xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ |
| + xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ |
| + NULL, /* xmlSecTransformValidateMethod validate; */ |
| + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ |
| + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ |
| + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ |
| + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ |
| + NULL, /* xmlSecTransformPopXmlMethod popXml; */ |
| + xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ |
| + |
| + NULL, /* void* reserved0; */ |
| + NULL, /* void* reserved1; */ |
| +}; |
| + |
| +#ifdef __MINGW32__ // for runtime-pseudo-reloc |
| +static struct _xmlSecTransformKlass xmlSecNssKWAes192Klass = { |
| +#else |
| +static xmlSecTransformKlass xmlSecNssKWAes192Klass = { |
| +#endif |
| + /* klass/object sizes */ |
| + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ |
| + xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ |
| + |
| + xmlSecNameKWAes192, /* const xmlChar* name; */ |
| + xmlSecHrefKWAes192, /* const xmlChar* href; */ |
| + xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ |
| + |
| + xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ |
| + xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ |
| + NULL, /* xmlSecTransformNodeReadMethod readNode; */ |
| + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ |
| + xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ |
| + xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ |
| + NULL, /* xmlSecTransformValidateMethod validate; */ |
| + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ |
| + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ |
| + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ |
| + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ |
| + NULL, /* xmlSecTransformPopXmlMethod popXml; */ |
| + xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ |
| + |
| + NULL, /* void* reserved0; */ |
| + NULL, /* void* reserved1; */ |
| +}; |
| + |
| +#ifdef __MINGW32__ // for runtime-pseudo-reloc |
| +static struct _xmlSecTransformKlass xmlSecNssKWAes256Klass = { |
| +#else |
| +static xmlSecTransformKlass xmlSecNssKWAes256Klass = { |
| +#endif |
| + /* klass/object sizes */ |
| + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ |
| + xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ |
| + |
| + xmlSecNameKWAes256, /* const xmlChar* name; */ |
| + xmlSecHrefKWAes256, /* const xmlChar* href; */ |
| + xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ |
| + |
| + xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ |
| + xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ |
| + NULL, /* xmlSecTransformNodeReadMethod readNode; */ |
| + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ |
| + xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ |
| + xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ |
| + NULL, /* xmlSecTransformValidateMethod validate; */ |
| + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ |
| + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ |
| + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ |
| + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ |
| + NULL, /* xmlSecTransformPopXmlMethod popXml; */ |
| + xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ |
| + |
| + NULL, /* void* reserved0; */ |
| + NULL, /* void* reserved1; */ |
| +}; |
| + |
| +/** |
| + * xmlSecNssTransformKWAes128GetKlass: |
| + * |
| + * The AES-128 key wrapper transform klass. |
| + * |
| + * Returns AES-128 key wrapper transform klass. |
| + */ |
| +xmlSecTransformId |
| +xmlSecNssTransformKWAes128GetKlass(void) { |
| + return(&xmlSecNssKWAes128Klass); |
| +} |
| + |
| +/** |
| + * xmlSecNssTransformKWAes192GetKlass: |
| + * |
| + * The AES-192 key wrapper transform klass. |
| + * |
| + * Returns AES-192 key wrapper transform klass. |
| + */ |
| +xmlSecTransformId |
| +xmlSecNssTransformKWAes192GetKlass(void) { |
| + return(&xmlSecNssKWAes192Klass); |
| +} |
| + |
| +/** |
| + * |
| + * The AES-256 key wrapper transform klass. |
| + * |
| + * Returns AES-256 key wrapper transform klass. |
| + */ |
| +xmlSecTransformId |
| +xmlSecNssTransformKWAes256GetKlass(void) { |
| + return(&xmlSecNssKWAes256Klass); |
| +} |
| + |
| +#endif /* XMLSEC_NO_AES */ |
| + |
| + |
| +#ifndef XMLSEC_NO_DES |
| + |
| +#ifdef __MINGW32__ // for runtime-pseudo-reloc |
| +static struct _xmlSecTransformKlass xmlSecNssKWDes3Klass = { |
| +#else |
| +static xmlSecTransformKlass xmlSecNssKWDes3Klass = { |
| +#endif |
| + /* klass/object sizes */ |
| + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ |
| + xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ |
| + |
| + xmlSecNameKWDes3, /* const xmlChar* name; */ |
| + xmlSecHrefKWDes3, /* const xmlChar* href; */ |
| + xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ |
| + |
| + xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ |
| + xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ |
| + NULL, /* xmlSecTransformNodeReadMethod readNode; */ |
| + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ |
| + xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ |
| + xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ |
| + NULL, /* xmlSecTransformValidateMethod validate; */ |
| + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ |
| + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ |
| + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ |
| + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ |
| + NULL, /* xmlSecTransformPopXmlMethod popXml; */ |
| + xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ |
| + |
| + NULL, /* void* reserved0; */ |
| + NULL, /* void* reserved1; */ |
| +}; |
| + |
| +/** |
| + * xmlSecNssTransformKWDes3GetKlass: |
| + * |
| + * The Triple DES key wrapper transform klass. |
| + * |
| + * Returns Triple DES key wrapper transform klass. |
| + */ |
| +xmlSecTransformId |
| +xmlSecNssTransformKWDes3GetKlass(void) { |
| + return(&xmlSecNssKWDes3Klass); |
| +} |
| + |
| +#endif /* XMLSEC_NO_DES */ |
| + |
| --- misc/xmlsec1-1.2.14/src/nss/pkikeys.c 2009-06-25 22:53:18.000000000 +0200 |
| +++ misc/build/xmlsec1-1.2.14/src/nss/pkikeys.c 2009-09-21 14:02:48.657352624 +0200 |
| @@ -24,6 +24,7 @@ |
| #include <xmlsec/nss/crypto.h> |
| #include <xmlsec/nss/bignum.h> |
| #include <xmlsec/nss/pkikeys.h> |
| +#include <xmlsec/nss/tokens.h> |
| |
| /************************************************************************** |
| * |
| @@ -115,6 +116,8 @@ |
| xmlSecNssPKIKeyDataCtxPtr ctxSrc) |
| { |
| xmlSecNSSPKIKeyDataCtxFree(ctxDst); |
| + ctxDst->privkey = NULL ; |
| + ctxDst->pubkey = NULL ; |
| if (ctxSrc->privkey != NULL) { |
| ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey); |
| if(ctxDst->privkey == NULL) { |
| @@ -588,13 +591,13 @@ |
| goto done; |
| } |
| |
| - slot = PK11_GetBestSlot(CKM_DSA, NULL); |
| + slot = xmlSecNssSlotGet(CKM_DSA); |
| if(slot == NULL) { |
| xmlSecError(XMLSEC_ERRORS_HERE, |
| xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), |
| - "PK11_GetBestSlot", |
| + "xmlSecNssSlotGet", |
| XMLSEC_ERRORS_R_CRYPTO_FAILED, |
| - XMLSEC_ERRORS_NO_MESSAGE); |
| + "error code=%d", PORT_GetError()); |
| ret = -1; |
| goto done; |
| } |
| @@ -792,14 +795,14 @@ |
| if (slot != NULL) { |
| PK11_FreeSlot(slot); |
| } |
| - if (ret != 0) { |
| + |
| if (pubkey != NULL) { |
| SECKEY_DestroyPublicKey(pubkey); |
| } |
| if (data != NULL) { |
| xmlSecKeyDataDestroy(data); |
| } |
| - } |
| + |
| return(ret); |
| } |
| |
| @@ -818,7 +821,7 @@ |
| |
| ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key)); |
| xmlSecAssert2(ctx != NULL, -1); |
| - xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1); |
| +/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/ |
| |
| if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) { |
| /* we can have only private key or public key */ |
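Review bot: Commenting out `xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1)` removes the only check that the key being serialised is a DSA public key and leaves nothing in its place; the GetType hunk of this same patch now treats `ctx->pubkey == NULL` as a legitimate state, so the write path can be entered with a NULL or wrong-type key. If the assert was dropped because it aborts in debug builds, the replacement should be a runtime guard rather than silence, e.g. `if((ctx->pubkey == NULL) || (SECKEY_GetPublicKeyType(ctx->pubkey) != dsaKey)) { return(-1); }` preceded by an xmlSecError report of the file's usual shape. The enclosing function starts before this hunk and continues after it.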
| @@ -940,7 +943,8 @@ |
| xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), |
| "PK11_PQG_ParamGen", |
| XMLSEC_ERRORS_R_CRYPTO_FAILED, |
| - "size=%d", sizeBits); |
| + "size=%d, error code=%d", sizeBits, PORT_GetError()); |
| + ret = -1; |
| goto done; |
| } |
| |
| @@ -950,11 +954,12 @@ |
| xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), |
| "PK11_PQG_VerifyParams", |
| XMLSEC_ERRORS_R_CRYPTO_FAILED, |
| - "size=%d", sizeBits); |
| + "size=%d, error code=%d", sizeBits, PORT_GetError()); |
| + ret = -1; |
| goto done; |
| } |
| |
| - slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL); |
| + slot = xmlSecNssSlotGet(CKM_DSA_KEY_PAIR_GEN); |
| PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */); |
| privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams, |
| &pubkey, PR_FALSE, PR_TRUE, NULL); |
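Review bot: `xmlSecNssSlotGet(CKM_DSA_KEY_PAIR_GEN)` can return NULL, yet `slot` is passed straight to PK11_Authenticate and PK11_GenerateKeyPair; the XmlRead hunk of this same file checks the identical call and logs `PORT_GetError()`, so this site should do the same: `if(slot == NULL) { ret = -1; goto done; }` after an xmlSecError of that shape. The unchecked call predates the patch, but the line is rewritten here and the `done:` label already tolerates a NULL slot, so the early exit costs nothing. The enclosing function starts before this hunk and continues after it.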
| @@ -964,8 +969,9 @@ |
| xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), |
| "PK11_GenerateKeyPair", |
| XMLSEC_ERRORS_R_CRYPTO_FAILED, |
| - XMLSEC_ERRORS_NO_MESSAGE); |
| + "error code=%d", PORT_GetError()); |
| |
| + ret = -1; |
| goto done; |
| } |
| |
| @@ -979,6 +985,8 @@ |
| goto done; |
| } |
| |
| + privkey = NULL ; |
| + pubkey = NULL ; |
| ret = 0; |
| |
| done: |
| @@ -991,16 +999,13 @@ |
| if (pqgVerify != NULL) { |
| PK11_PQG_DestroyVerify(pqgVerify); |
| } |
| - if (ret == 0) { |
| - return (0); |
| - } |
| if (pubkey != NULL) { |
| SECKEY_DestroyPublicKey(pubkey); |
| } |
| if (privkey != NULL) { |
| SECKEY_DestroyPrivateKey(privkey); |
| } |
| - return(-1); |
| + return(ret); |
| } |
| |
| static xmlSecKeyDataType |
| @@ -1010,10 +1015,10 @@ |
| xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), xmlSecKeyDataTypeUnknown); |
| ctx = xmlSecNssPKIKeyDataGetCtx(data); |
| xmlSecAssert2(ctx != NULL, -1); |
| - xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1); |
| +/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/ |
| if (ctx->privkey != NULL) { |
| return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic); |
| - } else { |
| + } else if( ctx->pubkey != NULL ) { |
| return(xmlSecKeyDataTypePublic); |
| } |
| |
| @@ -1027,7 +1032,7 @@ |
| xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), 0); |
| ctx = xmlSecNssPKIKeyDataGetCtx(data); |
| xmlSecAssert2(ctx != NULL, -1); |
| - xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1); |
| +/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/ |
| |
| return(8 * SECKEY_PublicKeyStrength(ctx->pubkey)); |
| } |
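Review bot: With the type assertion commented out, `SECKEY_PublicKeyStrength(ctx->pubkey)` is reached with no check at all, and the GetType hunk of this patch now explicitly allows `ctx->pubkey` to be NULL; whether NSS tolerates a NULL argument there depends on the NSS release, and a non-DSA key would silently report the wrong strength. A cheap runtime guard preserves the intent of the old assert: `if((ctx->pubkey == NULL) || (SECKEY_GetPublicKeyType(ctx->pubkey) != dsaKey)) { return(0); }`. The enclosing function starts before this hunk.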
| @@ -1216,13 +1221,13 @@ |
| goto done; |
| } |
| |
| - slot = PK11_GetBestSlot(CKM_RSA_PKCS, NULL); |
| + slot = xmlSecNssSlotGet(CKM_RSA_PKCS); |
| if(slot == NULL) { |
| xmlSecError(XMLSEC_ERRORS_HERE, |
| xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), |
| - "PK11_GetBestSlot", |
| + "xmlSecNssSlotGet", |
| XMLSEC_ERRORS_R_CRYPTO_FAILED, |
| - XMLSEC_ERRORS_NO_MESSAGE); |
| + "error code=%d", PORT_GetError()); |
| ret = -1; |
| goto done; |
| } |
| @@ -1384,7 +1389,7 @@ |
| |
| ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key)); |
| xmlSecAssert2(ctx != NULL, -1); |
| - xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1); |
| +/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/ |
| |
| |
| if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) { |
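Review bot: Commenting out `xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1)` leaves the RSA write path with no check that `ctx->pubkey` is non-NULL and actually an RSA key, while the DSA GetType hunk in this patch shows the code now expects a NULL public key to be possible. If the assert had to go because it aborts in debug builds, replace it with a runtime guard such as `if((ctx->pubkey == NULL) || (SECKEY_GetPublicKeyType(ctx->pubkey) != rsaKey)) { return(-1); }` preceded by the file's usual xmlSecError call, rather than deleting the check outright. The enclosing function starts before this hunk and continues after it.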
| @@ -1455,7 +1460,7 @@ |
| params.keySizeInBits = sizeBits; |
| params.pe = 65537; |
| |
| - slot = PK11_GetBestSlot(CKM_RSA_PKCS_KEY_PAIR_GEN, NULL); |
| + slot = xmlSecNssSlotGet(CKM_RSA_PKCS_KEY_PAIR_GEN); |
| PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */); |
| privkey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, ¶ms, |
| &pubkey, PR_FALSE, PR_TRUE, NULL); |
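Review bot: `xmlSecNssSlotGet(CKM_RSA_PKCS_KEY_PAIR_GEN)` may return NULL, and the result is handed to PK11_Authenticate and PK11_GenerateKeyPair without a check; the RSA XmlRead hunk of this same file checks the same call and logs `PORT_GetError()`, so this site should too: `if(slot == NULL) { ret = -1; goto done; }` after an xmlSecError of that shape. The missing check is pre-existing, but this patch rewrites the line, and the cleanup label presumably already handles a NULL slot as the DSA generator's does. The enclosing function starts before this hunk and continues after it.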
| @@ -1525,7 +1530,7 @@ |
| |
| ctx = xmlSecNssPKIKeyDataGetCtx(data); |
| xmlSecAssert2(ctx != NULL, -1); |
| - xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1); |
| +/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/ |
| |
| return(8 * SECKEY_PublicKeyStrength(ctx->pubkey)); |
| } |
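Review bot: Removing the rsaKey assertion leaves `SECKEY_PublicKeyStrength(ctx->pubkey)` with no guard; elsewhere in this patch `ctx->pubkey` is explicitly allowed to be NULL, and whether NSS copes with a NULL argument here varies by release, while a non-RSA key would yield a misleading size. Keep the old intent with a runtime check: `if((ctx->pubkey == NULL) || (SECKEY_GetPublicKeyType(ctx->pubkey) != rsaKey)) { return(0); }`. The enclosing function starts before this hunk.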
| --- misc/xmlsec1-1.2.14/src/nss/symkeys.c 2009-06-25 22:53:18.000000000 +0200 |
| +++ misc/build/xmlsec1-1.2.14/src/nss/symkeys.c 2009-09-21 14:02:48.620574832 +0200 |
| @@ -15,20 +15,41 @@ |
| #include <stdio.h> |
| #include <string.h> |
| |
| +#include <pk11func.h> |
| +#include <nss.h> |
| + |
| #include <xmlsec/xmlsec.h> |
| #include <xmlsec/xmltree.h> |
| +#include <xmlsec/base64.h> |
| #include <xmlsec/keys.h> |
| #include <xmlsec/keyinfo.h> |
| #include <xmlsec/transforms.h> |
| #include <xmlsec/errors.h> |
| |
| #include <xmlsec/nss/crypto.h> |
| +#include <xmlsec/nss/ciphers.h> |
| +#include <xmlsec/nss/tokens.h> |
| |
| /***************************************************************************** |
| * |
| - * Symmetic (binary) keys - just a wrapper for xmlSecKeyDataBinary |
| + * Symmetic (binary) keys - a wrapper over slot information and PK11SymKey |
| * |
| ****************************************************************************/ |
| +typedef struct _xmlSecNssSymKeyDataCtx xmlSecNssSymKeyDataCtx ; |
| +typedef struct _xmlSecNssSymKeyDataCtx* xmlSecNssSymKeyDataCtxPtr ; |
| + |
| +struct _xmlSecNssSymKeyDataCtx { |
| + CK_MECHANISM_TYPE cipher ; /* the symmetic key mechanism */ |
| + PK11SlotInfo* slot ; /* the key resident slot */ |
| + PK11SymKey* symkey ; /* the symmetic key */ |
| +} ; |
| + |
| +#define xmlSecNssSymKeyDataSize \ |
| + ( sizeof( xmlSecKeyData ) + sizeof( xmlSecNssSymKeyDataCtx ) ) |
| + |
| +#define xmlSecNssSymKeyDataGetCtx( data ) \ |
| + ( ( xmlSecNssSymKeyDataCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyData ) ) ) |
| + |
| static int xmlSecNssSymKeyDataInitialize (xmlSecKeyDataPtr data); |
| static int xmlSecNssSymKeyDataDuplicate (xmlSecKeyDataPtr dst, |
| xmlSecKeyDataPtr src); |
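Review bot: The new `_xmlSecNssSymKeyDataCtx` struct holds two PK11 reference-counted handles but does not say who owns them, which matters because, as the later hunk shows, every store into them (adopt via PK11_GetSlotFromKey/PK11_ReferenceSymKey, duplicate via PK11_ReferenceSlot/PK11_ReferenceSymKey) takes its own reference and Finalize releases them. I would state that on the fields: `PK11SlotInfo* slot ; /* owned reference, released by Finalize via PK11_FreeSlot */` and `PK11SymKey* symkey ; /* owned reference, released by Finalize via PK11_FreeSymKey */`. The "Symmetic" typo in the banner comment could be fixed in the same pass.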
| @@ -67,107 +88,743 @@ |
| (xmlSecKeyDataIsValid((data)) && \ |
| xmlSecNssSymKeyDataKlassCheck((data)->id)) |
| |
| +/** |
| + * xmlSecNssSymKeyDataAdoptKey: |
| + * @data: the pointer to symmetric key data. |
| + * @symkey: the symmetric key |
| + * |
| + * Set the value of symmetric key data. |
| + * |
| + * Returns 0 on success or a negative value if an error occurs. |
| + */ |
| +int |
| +xmlSecNssSymKeyDataAdoptKey( |
| + xmlSecKeyDataPtr data , |
| + PK11SymKey* symkey |
| +) { |
| + xmlSecNssSymKeyDataCtxPtr context = NULL ; |
| + |
| + xmlSecAssert2( xmlSecNssSymKeyDataCheckId( data ), -1 ) ; |
| + xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), -1 ) ; |
| + xmlSecAssert2( symkey != NULL, -1 ) ; |
| + |
| + context = xmlSecNssSymKeyDataGetCtx( data ) ; |
| + xmlSecAssert2(context != NULL, -1); |
| + |
| + context->cipher = PK11_GetMechanism( symkey ) ; |
| + |
| + if( context->slot != NULL ) { |
| + PK11_FreeSlot( context->slot ) ; |
| + context->slot = NULL ; |
| + } |
| + context->slot = PK11_GetSlotFromKey( symkey ) ; |
| + |
| + if( context->symkey != NULL ) { |
| + PK11_FreeSymKey( context->symkey ) ; |
| + context->symkey = NULL ; |
| + } |
| + context->symkey = PK11_ReferenceSymKey( symkey ) ; |
| + |
| + return 0 ; |
| +} |
| + |
| +xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt( |
| + PK11SymKey* symKey |
| +) { |
| + xmlSecKeyDataPtr data = NULL ; |
| + CK_MECHANISM_TYPE mechanism = CKM_INVALID_MECHANISM ; |
| + |
| + xmlSecAssert2( symKey != NULL , NULL ) ; |
| + |
| + mechanism = PK11_GetMechanism( symKey ) ; |
| + switch( mechanism ) { |
| + case CKM_DES3_KEY_GEN : |
| + case CKM_DES3_CBC : |
| + case CKM_DES3_MAC : |
| + data = xmlSecKeyDataCreate( xmlSecNssKeyDataDesId ) ; |
| + if( data == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "xmlSecKeyDataCreate" , |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED , |
| + "xmlSecNssKeyDataDesId" ) ; |
| + return NULL ; |
| + } |
| + break ; |
| + case CKM_AES_KEY_GEN : |
| + case CKM_AES_CBC : |
| + case CKM_AES_MAC : |
| + data = xmlSecKeyDataCreate( xmlSecNssKeyDataAesId ) ; |
| + if( data == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "xmlSecKeyDataCreate" , |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED , |
| + "xmlSecNssKeyDataDesId" ) ; |
| + return NULL ; |
| + } |
| + break ; |
| + default : |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + NULL , |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED , |
| + "Unsupported mechanism" ) ; |
| + return NULL ; |
| + } |
| + |
| + if( xmlSecNssSymKeyDataAdoptKey( data , symKey ) < 0 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + "xmlSecNssSymKeyDataAdoptKey" , |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + |
| + xmlSecKeyDataDestroy( data ) ; |
| + return NULL ; |
| + } |
| + |
| + return data ; |
| +} |
| + |
| + |
| +PK11SymKey* |
| +xmlSecNssSymKeyDataGetKey( |
| + xmlSecKeyDataPtr data |
| +) { |
| + xmlSecNssSymKeyDataCtxPtr ctx; |
| + PK11SymKey* symkey ; |
| + |
| + xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), NULL); |
| + xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), NULL); |
| + |
| + ctx = xmlSecNssSymKeyDataGetCtx(data); |
| + xmlSecAssert2(ctx != NULL, NULL); |
| + |
| + if( ctx->symkey != NULL ) { |
| + symkey = PK11_ReferenceSymKey( ctx->symkey ) ; |
| + } else { |
| + symkey = NULL ; |
| + } |
| + |
| + return(symkey); |
| +} |
| + |
| static int |
| xmlSecNssSymKeyDataInitialize(xmlSecKeyDataPtr data) { |
| + xmlSecNssSymKeyDataCtxPtr ctx; |
| + |
| xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1); |
| - |
| - return(xmlSecKeyDataBinaryValueInitialize(data)); |
| + xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), -1); |
| + |
| + ctx = xmlSecNssSymKeyDataGetCtx(data); |
| + xmlSecAssert2(ctx != NULL, -1); |
| + |
| + memset( ctx, 0, sizeof(xmlSecNssSymKeyDataCtx)); |
| + |
| + /* Set the block cipher mechanism */ |
| +#ifndef XMLSEC_NO_DES |
| + if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) { |
| + ctx->cipher = CKM_DES3_KEY_GEN; |
| + } else |
| +#endif /* XMLSEC_NO_DES */ |
| + |
| +#ifndef XMLSEC_NO_AES |
| + if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) { |
| + ctx->cipher = CKM_AES_KEY_GEN; |
| + } else |
| +#endif /* XMLSEC_NO_AES */ |
| + |
| + if(1) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), |
| + NULL , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + "Unsupported block cipher" ) ; |
| + return(-1) ; |
| + } |
| + |
| + return(0); |
| } |
| |
| static int |
| xmlSecNssSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { |
| + xmlSecNssSymKeyDataCtxPtr ctxDst; |
| + xmlSecNssSymKeyDataCtxPtr ctxSrc; |
| + |
| xmlSecAssert2(xmlSecNssSymKeyDataCheckId(dst), -1); |
| + xmlSecAssert2(xmlSecKeyDataCheckSize(dst, xmlSecNssSymKeyDataSize), -1); |
| xmlSecAssert2(xmlSecNssSymKeyDataCheckId(src), -1); |
| + xmlSecAssert2(xmlSecKeyDataCheckSize(src, xmlSecNssSymKeyDataSize), -1); |
| xmlSecAssert2(dst->id == src->id, -1); |
| - |
| - return(xmlSecKeyDataBinaryValueDuplicate(dst, src)); |
| + |
| + ctxDst = xmlSecNssSymKeyDataGetCtx(dst); |
| + xmlSecAssert2(ctxDst != NULL, -1); |
| + |
| + ctxSrc = xmlSecNssSymKeyDataGetCtx(src); |
| + xmlSecAssert2(ctxSrc != NULL, -1); |
| + |
| + ctxDst->cipher = ctxSrc->cipher ; |
| + |
| + if( ctxSrc->slot != NULL ) { |
| + if( ctxDst->slot != NULL && ctxDst->slot != ctxSrc->slot ) { |
| + PK11_FreeSlot( ctxDst->slot ) ; |
| + ctxDst->slot = NULL ; |
| + } |
| + |
| + if( ctxDst->slot == NULL && ctxSrc->slot != NULL ) |
| + ctxDst->slot = PK11_ReferenceSlot( ctxSrc->slot ) ; |
| + } else { |
| + if( ctxDst->slot != NULL ) { |
| + PK11_FreeSlot( ctxDst->slot ) ; |
| + ctxDst->slot = NULL ; |
| + } |
| + } |
| + |
| + if( ctxSrc->symkey != NULL ) { |
| + if( ctxDst->symkey != NULL && ctxDst->symkey != ctxSrc->symkey ) { |
| + PK11_FreeSymKey( ctxDst->symkey ) ; |
| + ctxDst->symkey = NULL ; |
| + } |
| + |
| + if( ctxDst->symkey == NULL && ctxSrc->symkey != NULL ) |
| + ctxDst->symkey = PK11_ReferenceSymKey( ctxSrc->symkey ) ; |
| + } else { |
| + if( ctxDst->symkey != NULL ) { |
| + PK11_FreeSymKey( ctxDst->symkey ) ; |
| + ctxDst->symkey = NULL ; |
| + } |
| + } |
| + |
| + return(0); |
| } |
| |
| static void |
| xmlSecNssSymKeyDataFinalize(xmlSecKeyDataPtr data) { |
| + xmlSecNssSymKeyDataCtxPtr ctx; |
| + |
| xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); |
| - |
| - xmlSecKeyDataBinaryValueFinalize(data); |
| + xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize)); |
| + |
| + ctx = xmlSecNssSymKeyDataGetCtx(data); |
| + xmlSecAssert(ctx != NULL); |
| + |
| + if( ctx->slot != NULL ) { |
| + PK11_FreeSlot( ctx->slot ) ; |
| + ctx->slot = NULL ; |
| + } |
| + |
| + if( ctx->symkey != NULL ) { |
| + PK11_FreeSymKey( ctx->symkey ) ; |
| + ctx->symkey = NULL ; |
| + } |
| + |
| + ctx->cipher = CKM_INVALID_MECHANISM ; |
| } |
| |
| static int |
| xmlSecNssSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, |
| xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { |
| - xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); |
| + PK11SymKey* symKey ; |
| + PK11SlotInfo* slot ; |
| + xmlSecBufferPtr keyBuf; |
| + xmlSecSize len; |
| + xmlSecKeyDataPtr data; |
| + xmlSecNssSymKeyDataCtxPtr ctx; |
| + SECItem keyItem ; |
| + int ret; |
| + |
| + xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1); |
| + xmlSecAssert2(key != NULL, -1); |
| + xmlSecAssert2(node != NULL, -1); |
| + xmlSecAssert2(keyInfoCtx != NULL, -1); |
| + |
| + /* Create a new KeyData from a id */ |
| + data = xmlSecKeyDataCreate(id); |
| + if(data == NULL ) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), |
| + "xmlSecKeyDataCreate", |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| + XMLSEC_ERRORS_NO_MESSAGE); |
| + return(-1); |
| + } |
| + |
| + ctx = xmlSecNssSymKeyDataGetCtx(data); |
| + xmlSecAssert2(ctx != NULL, -1); |
| + |
| + /* Create a buffer for raw symmetric key value */ |
| + if( ( keyBuf = xmlSecBufferCreate( 128 ) ) == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), |
| + "xmlSecBufferCreate" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + xmlSecKeyDataDestroy( data ) ; |
| + return(-1) ; |
| + } |
| + |
| + /* Read the raw key value */ |
| + if( xmlSecBufferBase64NodeContentRead( keyBuf , node ) < 0 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), |
| + xmlSecErrorsSafeString(xmlSecNodeGetName(node)), |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + |
| + xmlSecBufferDestroy( keyBuf ) ; |
| + xmlSecKeyDataDestroy( data ) ; |
| + return(-1) ; |
| + } |
| + |
| + /* Get slot */ |
| + slot = xmlSecNssSlotGet(ctx->cipher); |
| + if( slot == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), |
| + "xmlSecNssSlotGet" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + |
| + xmlSecBufferDestroy( keyBuf ) ; |
| + xmlSecKeyDataDestroy( data ) ; |
| + return(-1) ; |
| + } |
| + |
| + /* Wrap the raw key value SECItem */ |
| + keyItem.type = siBuffer ; |
| + keyItem.data = xmlSecBufferGetData( keyBuf ) ; |
| + keyItem.len = xmlSecBufferGetSize( keyBuf ) ; |
| + |
| + /* Import the raw key into slot temporalily and get the key handler*/ |
| + symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ; |
| + if( symKey == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), |
| + "PK11_ImportSymKey" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + |
| + PK11_FreeSlot( slot ) ; |
| + xmlSecBufferDestroy( keyBuf ) ; |
| + xmlSecKeyDataDestroy( data ) ; |
| + return(-1) ; |
| + } |
| + PK11_FreeSlot( slot ) ; |
| + |
| + /* raw key material has been copied into symKey, it isn't used any more */ |
| + xmlSecBufferDestroy( keyBuf ) ; |
| + |
| + /* Adopt the symmetric key into key data */ |
| + ret = xmlSecNssSymKeyDataAdoptKey(data, symKey); |
| + if(ret < 0) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), |
| + "xmlSecKeyDataBinaryValueSetBuffer", |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| + XMLSEC_ERRORS_NO_MESSAGE); |
| + PK11_FreeSymKey( symKey ) ; |
| + xmlSecKeyDataDestroy( data ) ; |
| + return(-1); |
| + } |
| + /* symKey has been duplicated into data, it isn't used any more */ |
| + PK11_FreeSymKey( symKey ) ; |
| + |
| + /* Check value */ |
| + if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), |
| + "xmlSecKeyReqMatchKeyValue", |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| + XMLSEC_ERRORS_NO_MESSAGE); |
| + xmlSecKeyDataDestroy( data ) ; |
| + return(0); |
| + } |
| |
| - return(xmlSecKeyDataBinaryValueXmlRead(id, key, node, keyInfoCtx)); |
| + ret = xmlSecKeySetValue(key, data); |
| + if(ret < 0) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), |
| + "xmlSecKeySetValue", |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| + XMLSEC_ERRORS_NO_MESSAGE); |
| + xmlSecKeyDataDestroy( data ) ; |
| + return(-1); |
| + } |
| + |
| + return(0); |
| } |
| |
| static int |
| xmlSecNssSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, |
| xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { |
| + PK11SymKey* symKey ; |
| + |
| xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); |
| - |
| - return(xmlSecKeyDataBinaryValueXmlWrite(id, key, node, keyInfoCtx)); |
| + xmlSecAssert2(key != NULL, -1); |
| + xmlSecAssert2(node != NULL, -1); |
| + xmlSecAssert2(keyInfoCtx != NULL, -1); |
| + |
| + /* Get symmetric key from "key" */ |
| + symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key)); |
| + if( symKey != NULL ) { |
| + SECItem* keyItem ; |
| + xmlSecBufferPtr keyBuf ; |
| + |
| + /* Extract raw key data from symmetric key */ |
| + if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), |
| + "PK11_ExtractKeyValue", |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| + XMLSEC_ERRORS_NO_MESSAGE); |
| + PK11_FreeSymKey( symKey ) ; |
| + return(-1); |
| + } |
| + |
| + /* Get raw key data from "symKey" */ |
| + keyItem = PK11_GetKeyData( symKey ) ; |
| + if(keyItem == NULL) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), |
| + "PK11_GetKeyData", |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| + XMLSEC_ERRORS_NO_MESSAGE); |
| + PK11_FreeSymKey( symKey ) ; |
| + return(-1); |
| + } |
| + |
| + /* Create key data buffer with raw kwy material */ |
| + keyBuf = xmlSecBufferCreate(keyItem->len) ; |
| + if(keyBuf == NULL) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), |
| + "xmlSecBufferCreate", |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| + XMLSEC_ERRORS_NO_MESSAGE); |
| + PK11_FreeSymKey( symKey ) ; |
| + return(-1); |
| + } |
| + |
| + xmlSecBufferSetData( keyBuf , keyItem->data , keyItem->len ) ; |
| + |
| + /* Write raw key material into current xml node */ |
| + if( xmlSecBufferBase64NodeContentWrite( keyBuf, node, XMLSEC_BASE64_LINESIZE ) < 0 ) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), |
| + "xmlSecBufferBase64NodeContentWrite", |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| + XMLSEC_ERRORS_NO_MESSAGE); |
| + xmlSecBufferDestroy(keyBuf); |
| + PK11_FreeSymKey( symKey ) ; |
| + return(-1); |
| + } |
| + xmlSecBufferDestroy(keyBuf); |
| + PK11_FreeSymKey( symKey ) ; |
| + } |
| + |
| + return 0 ; |
| } |
| |
| static int |
| xmlSecNssSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key, |
| const xmlSecByte* buf, xmlSecSize bufSize, |
| xmlSecKeyInfoCtxPtr keyInfoCtx) { |
| - xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); |
| + PK11SymKey* symKey ; |
| + PK11SlotInfo* slot ; |
| + xmlSecKeyDataPtr data; |
| + xmlSecNssSymKeyDataCtxPtr ctx; |
| + SECItem keyItem ; |
| + int ret; |
| + |
| + xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1); |
| + xmlSecAssert2(key != NULL, -1); |
| + xmlSecAssert2(buf != NULL, -1); |
| + xmlSecAssert2(bufSize != 0, -1); |
| + xmlSecAssert2(keyInfoCtx != NULL, -1); |
| + |
| + /* Create a new KeyData from a id */ |
| + data = xmlSecKeyDataCreate(id); |
| + if(data == NULL ) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), |
| + "xmlSecKeyDataCreate", |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| + XMLSEC_ERRORS_NO_MESSAGE); |
| + return(-1); |
| + } |
| + |
| + ctx = xmlSecNssSymKeyDataGetCtx(data); |
| + xmlSecAssert2(ctx != NULL, -1); |
| + |
| + /* Get slot */ |
| + slot = xmlSecNssSlotGet(ctx->cipher); |
| + if( slot == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), |
| + "xmlSecNssSlotGet" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + xmlSecKeyDataDestroy( data ) ; |
| + return(-1) ; |
| + } |
| + |
| + /* Wrap the raw key value SECItem */ |
| + keyItem.type = siBuffer ; |
| + keyItem.data = buf ; |
| + keyItem.len = bufSize ; |
| + |
| + /* Import the raw key into slot temporalily and get the key handler*/ |
| + symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ; |
| + if( symKey == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), |
| + "PK11_ImportSymKey" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + PK11_FreeSlot( slot ) ; |
| + xmlSecKeyDataDestroy( data ) ; |
| + return(-1) ; |
| + } |
| + |
| + /* Adopt the symmetric key into key data */ |
| + ret = xmlSecNssSymKeyDataAdoptKey(data, symKey); |
| + if(ret < 0) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), |
| + "xmlSecKeyDataBinaryValueSetBuffer", |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + PK11_FreeSymKey( symKey ) ; |
| + PK11_FreeSlot( slot ) ; |
| + xmlSecKeyDataDestroy( data ) ; |
| + return(-1); |
| + } |
| + /* symKey has been duplicated into data, it isn't used any more */ |
| + PK11_FreeSymKey( symKey ) ; |
| + PK11_FreeSlot( slot ) ; |
| + |
| + /* Check value */ |
| + if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), |
| + "xmlSecKeyReqMatchKeyValue", |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| + XMLSEC_ERRORS_NO_MESSAGE); |
| + xmlSecKeyDataDestroy( data ) ; |
| + return(0); |
| + } |
| |
| - return(xmlSecKeyDataBinaryValueBinRead(id, key, buf, bufSize, keyInfoCtx)); |
| + ret = xmlSecKeySetValue(key, data); |
| + if(ret < 0) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), |
| + "xmlSecKeySetValue", |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| + XMLSEC_ERRORS_NO_MESSAGE); |
| + xmlSecKeyDataDestroy( data ) ; |
| + return(-1); |
| + } |
| + |
| + return(0); |
| } |
| |
| static int |
| xmlSecNssSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, |
| xmlSecByte** buf, xmlSecSize* bufSize, |
| xmlSecKeyInfoCtxPtr keyInfoCtx) { |
| + PK11SymKey* symKey ; |
| + |
| xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); |
| + xmlSecAssert2(key != NULL, -1); |
| + xmlSecAssert2(buf != NULL, -1); |
| + xmlSecAssert2(bufSize != 0, -1); |
| + xmlSecAssert2(keyInfoCtx != NULL, -1); |
| + |
| + /* Get symmetric key from "key" */ |
| + symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key)); |
| + if( symKey != NULL ) { |
| + SECItem* keyItem ; |
| + |
| + /* Extract raw key data from symmetric key */ |
| + if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), |
| + "PK11_ExtractKeyValue", |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| + XMLSEC_ERRORS_NO_MESSAGE); |
| + PK11_FreeSymKey( symKey ) ; |
| + return(-1); |
| + } |
| + |
| + /* Get raw key data from "symKey" */ |
| + keyItem = PK11_GetKeyData( symKey ) ; |
| + if(keyItem == NULL) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), |
| + "PK11_GetKeyData", |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| + XMLSEC_ERRORS_NO_MESSAGE); |
| + PK11_FreeSymKey( symKey ) ; |
| + return(-1); |
| + } |
| + |
| + *bufSize = keyItem->len; |
| + *buf = ( xmlSecByte* )xmlMalloc( *bufSize ); |
| + if( *buf == NULL ) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), |
| + NULL, |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| + XMLSEC_ERRORS_NO_MESSAGE); |
| + PK11_FreeSymKey( symKey ) ; |
| + return(-1); |
| + } |
| + |
| + memcpy((*buf), keyItem->data, (*bufSize)); |
| + PK11_FreeSymKey( symKey ) ; |
| + } |
| |
| - return(xmlSecKeyDataBinaryValueBinWrite(id, key, buf, bufSize, keyInfoCtx)); |
| + return 0 ; |
| } |
| |
| static int |
| xmlSecNssSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) { |
| - xmlSecBufferPtr buffer; |
| + PK11SymKey* symkey ; |
| + PK11SlotInfo* slot ; |
| + xmlSecNssSymKeyDataCtxPtr ctx; |
| + int ret; |
| |
| xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1); |
| xmlSecAssert2(sizeBits > 0, -1); |
| |
| - buffer = xmlSecKeyDataBinaryValueGetBuffer(data); |
| - xmlSecAssert2(buffer != NULL, -1); |
| - |
| - return(xmlSecNssGenerateRandom(buffer, (sizeBits + 7) / 8)); |
| + ctx = xmlSecNssSymKeyDataGetCtx(data); |
| + xmlSecAssert2(ctx != NULL, -1); |
| + |
| + if( sizeBits % 8 != 0 ) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), |
| + NULL, |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| + "Symmetric key size must be octuple"); |
| + return(-1); |
| + } |
| + |
| + /* Get slot */ |
| + slot = xmlSecNssSlotGet(ctx->cipher); |
| + if( slot == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), |
| + "xmlSecNssSlotGet" , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return(-1) ; |
| + } |
| + |
| + if( PK11_Authenticate( slot, PR_FALSE , NULL ) != SECSuccess ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , |
| + "PK11_Authenticate" , |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + PK11_FreeSlot( slot ) ; |
| + return -1 ; |
| + } |
| + |
| + symkey = PK11_KeyGen( slot , ctx->cipher , NULL , sizeBits/8 , NULL ) ; |
| + if( symkey == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , |
| + "PK11_KeyGen" , |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + PK11_FreeSlot( slot ) ; |
| + return -1 ; |
| + } |
| + |
| + if( ctx->slot != NULL ) { |
| + PK11_FreeSlot( ctx->slot ) ; |
| + ctx->slot = NULL ; |
| + } |
| + ctx->slot = slot ; |
| + |
| + if( ctx->symkey != NULL ) { |
| + PK11_FreeSymKey( ctx->symkey ) ; |
| + ctx->symkey = NULL ; |
| + } |
| + ctx->symkey = symkey ; |
| + |
| + return 0; |
| } |
| |
| static xmlSecKeyDataType |
| xmlSecNssSymKeyDataGetType(xmlSecKeyDataPtr data) { |
| - xmlSecBufferPtr buffer; |
| + xmlSecNssSymKeyDataCtxPtr context = NULL ; |
| + xmlSecKeyDataType type = xmlSecKeyDataTypeUnknown ; |
| |
| xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown); |
| + xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), xmlSecKeyDataTypeUnknown ) ; |
| |
| - buffer = xmlSecKeyDataBinaryValueGetBuffer(data); |
| - xmlSecAssert2(buffer != NULL, xmlSecKeyDataTypeUnknown); |
| + context = xmlSecNssSymKeyDataGetCtx( data ) ; |
| + if( context == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , |
| + "xmlSecNssSymKeyDataGetCtx" , |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return xmlSecKeyDataTypeUnknown ; |
| + } |
| |
| - return((xmlSecBufferGetSize(buffer) > 0) ? xmlSecKeyDataTypeSymmetric : xmlSecKeyDataTypeUnknown); |
| + if( context->symkey != NULL ) { |
| + type |= xmlSecKeyDataTypeSymmetric ; |
| + } else { |
| + type |= xmlSecKeyDataTypeUnknown ; |
| + } |
| + |
| + return type ; |
| } |
| |
| static xmlSecSize |
| xmlSecNssSymKeyDataGetSize(xmlSecKeyDataPtr data) { |
| + xmlSecNssSymKeyDataCtxPtr context ; |
| + unsigned int length = 0 ; |
| + |
| xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), 0); |
| + xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), 0 ) ; |
| + context = xmlSecNssSymKeyDataGetCtx( data ) ; |
| + if( context == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , |
| + "xmlSecNssSymKeyDataGetCtx" , |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return 0 ; |
| + } |
| + |
| + if( context->symkey != NULL ) { |
| + length = PK11_GetKeyLength( context->symkey ) ; |
| + length *= 8 ; |
| + } |
| |
| - return(xmlSecKeyDataBinaryValueGetSize(data)); |
| + return length ; |
| } |
| |
| static void |
| xmlSecNssSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) { |
| xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); |
| |
| - xmlSecKeyDataBinaryValueDebugDump(data, output); |
| + /* print only size, everything else is sensitive */ |
| + fprintf( output , "=== %s: size=%d\n" , data->id->dataNodeName , |
| + xmlSecKeyDataGetSize(data)) ; |
| } |
| |
| static void |
| xmlSecNssSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { |
| xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); |
| - |
| - xmlSecKeyDataBinaryValueDebugXmlDump(data, output); |
| + |
| + /* print only size, everything else is sensitive */ |
| + fprintf( output , "<%s size=\"%d\" />\n" , data->id->dataNodeName , |
| + xmlSecKeyDataGetSize(data)) ; |
| } |
| |
| static int |
| @@ -201,7 +858,7 @@ |
| *************************************************************************/ |
| static xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = { |
| sizeof(xmlSecKeyDataKlass), |
| - xmlSecKeyDataBinarySize, |
| + xmlSecNssSymKeyDataSize, |
| |
| /* data */ |
| xmlSecNameAESKeyValue, |
| @@ -282,7 +939,7 @@ |
| *************************************************************************/ |
| static xmlSecKeyDataKlass xmlSecNssKeyDataDesKlass = { |
| sizeof(xmlSecKeyDataKlass), |
| - xmlSecKeyDataBinarySize, |
| + xmlSecNssSymKeyDataSize, |
| |
| /* data */ |
| xmlSecNameDESKeyValue, |
| @@ -364,7 +1021,7 @@ |
| *************************************************************************/ |
| static xmlSecKeyDataKlass xmlSecNssKeyDataHmacKlass = { |
| sizeof(xmlSecKeyDataKlass), |
| - xmlSecKeyDataBinarySize, |
| + xmlSecNssSymKeyDataSize, |
| |
| /* data */ |
| xmlSecNameHMACKeyValue, |
| --- misc/xmlsec1-1.2.14/src/nss/tokens.c 2009-09-21 14:07:19.249145861 +0200 |
| +++ misc/build/xmlsec1-1.2.14/src/nss/tokens.c 2009-09-21 14:02:48.556772442 +0200 |
| @@ -1 +1,548 @@ |
| -dummy |
| +/** |
| + * XMLSec library |
| + * |
| + * This is free software; see Copyright file in the source |
| + * distribution for preciese wording. |
| + * |
| + * Copyright.................................. |
| + * |
| + * Contributor(s): _____________________________ |
| + * |
| + */ |
| + |
| +/** |
| + * In order to ensure that particular crypto operation is performed on |
| + * particular crypto device, a subclass of xmlSecList is used to store slot and |
| + * mechanism information. |
| + * |
| + * In the list, a slot is bound with a mechanism. If the mechanism is available, |
| + * this mechanism only can perform on the slot; otherwise, it can perform on |
| + * every eligibl slot in the list. |
| + * |
| + * When try to find a slot for a particular mechanism, the slot bound with |
| + * avaliable mechanism will be looked up firstly. |
| + */ |
| +#include "globals.h" |
| +#include <string.h> |
| + |
| +#include <xmlsec/xmlsec.h> |
| +#include <xmlsec/errors.h> |
| +#include <xmlsec/list.h> |
| + |
| +#include <xmlsec/nss/tokens.h> |
| + |
| +int |
| +xmlSecNssKeySlotSetMechList( |
| + xmlSecNssKeySlotPtr keySlot , |
| + CK_MECHANISM_TYPE_PTR mechanismList |
| +) { |
| + int counter ; |
| + |
| + xmlSecAssert2( keySlot != NULL , -1 ) ; |
| + |
| + if( keySlot->mechanismList != CK_NULL_PTR ) { |
| + xmlFree( keySlot->mechanismList ) ; |
| + |
| + for( counter = 0 ; *( mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ; |
| + keySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ; |
| + if( keySlot->mechanismList == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + NULL , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return( -1 ); |
| + } |
| + for( ; counter >= 0 ; counter -- ) |
| + *( keySlot->mechanismList + counter ) = *( mechanismList + counter ) ; |
| + } |
| + |
| + return( 0 ); |
| +} |
| + |
| +int |
| +xmlSecNssKeySlotEnableMech( |
| + xmlSecNssKeySlotPtr keySlot , |
| + CK_MECHANISM_TYPE mechanism |
| +) { |
| + int counter ; |
| + CK_MECHANISM_TYPE_PTR newList ; |
| + |
| + xmlSecAssert2( keySlot != NULL , -1 ) ; |
| + |
| + if( mechanism != CKM_INVALID_MECHANISM ) { |
| + for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ; |
| + newList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ; |
| + if( newList == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + NULL , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return( -1 ); |
| + } |
| + *( newList + counter + 1 ) = CKM_INVALID_MECHANISM ; |
| + *( newList + counter ) = mechanism ; |
| + for( counter -= 1 ; counter >= 0 ; counter -- ) |
| + *( newList + counter ) = *( keySlot->mechanismList + counter ) ; |
| + |
| + xmlFree( keySlot->mechanismList ) ; |
| + keySlot->mechanismList = newList ; |
| + } |
| + |
| + return(0); |
| +} |
| + |
| +int |
| +xmlSecNssKeySlotDisableMech( |
| + xmlSecNssKeySlotPtr keySlot , |
| + CK_MECHANISM_TYPE mechanism |
| +) { |
| + int counter ; |
| + |
| + xmlSecAssert2( keySlot != NULL , -1 ) ; |
| + |
| + for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) { |
| + if( *( keySlot->mechanismList + counter ) == mechanism ) { |
| + for( ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) { |
| + *( keySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter + 1 ) ; |
| + } |
| + |
| + break ; |
| + } |
| + } |
| + |
| + return(0); |
| +} |
| + |
| +CK_MECHANISM_TYPE_PTR |
| +xmlSecNssKeySlotGetMechList( |
| + xmlSecNssKeySlotPtr keySlot |
| +) { |
| + if( keySlot != NULL ) |
| + return keySlot->mechanismList ; |
| + else |
| + return NULL ; |
| +} |
| + |
| +int |
| +xmlSecNssKeySlotSetSlot( |
| + xmlSecNssKeySlotPtr keySlot , |
| + PK11SlotInfo* slot |
| +) { |
| + xmlSecAssert2( keySlot != NULL , -1 ) ; |
| + |
| + if( slot != NULL && keySlot->slot != slot ) { |
| + if( keySlot->slot != NULL ) |
| + PK11_FreeSlot( keySlot->slot ) ; |
| + |
| + if( keySlot->mechanismList != NULL ) { |
| + xmlFree( keySlot->mechanismList ) ; |
| + keySlot->mechanismList = NULL ; |
| + } |
| + |
| + keySlot->slot = PK11_ReferenceSlot( slot ) ; |
| + } |
| + |
| + return(0); |
| +} |
| + |
| +int |
| +xmlSecNssKeySlotInitialize( |
| + xmlSecNssKeySlotPtr keySlot , |
| + PK11SlotInfo* slot |
| +) { |
| + xmlSecAssert2( keySlot != NULL , -1 ) ; |
| + xmlSecAssert2( keySlot->slot == NULL , -1 ) ; |
| + xmlSecAssert2( keySlot->mechanismList == NULL , -1 ) ; |
| + |
| + if( slot != NULL ) { |
| + keySlot->slot = PK11_ReferenceSlot( slot ) ; |
| + } |
| + |
| + return(0); |
| +} |
| + |
| +void |
| +xmlSecNssKeySlotFinalize( |
| + xmlSecNssKeySlotPtr keySlot |
| +) { |
| + xmlSecAssert( keySlot != NULL ) ; |
| + |
| + if( keySlot->mechanismList != NULL ) { |
| + xmlFree( keySlot->mechanismList ) ; |
| + keySlot->mechanismList = NULL ; |
| + } |
| + |
| + if( keySlot->slot != NULL ) { |
| + PK11_FreeSlot( keySlot->slot ) ; |
| + keySlot->slot = NULL ; |
| + } |
| + |
| +} |
| + |
| +PK11SlotInfo* |
| +xmlSecNssKeySlotGetSlot( |
| + xmlSecNssKeySlotPtr keySlot |
| +) { |
| + if( keySlot != NULL ) |
| + return keySlot->slot ; |
| + else |
| + return NULL ; |
| +} |
| + |
| +xmlSecNssKeySlotPtr |
| +xmlSecNssKeySlotCreate() { |
| + xmlSecNssKeySlotPtr keySlot ; |
| + |
| + /* Allocates a new xmlSecNssKeySlot and fill the fields */ |
| + keySlot = ( xmlSecNssKeySlotPtr )xmlMalloc( sizeof( xmlSecNssKeySlot ) ) ; |
| + if( keySlot == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + NULL , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return( NULL ); |
| + } |
| + memset( keySlot, 0, sizeof( xmlSecNssKeySlot ) ) ; |
| + |
| + return( keySlot ) ; |
| +} |
| + |
| +int |
| +xmlSecNssKeySlotCopy( |
| + xmlSecNssKeySlotPtr newKeySlot , |
| + xmlSecNssKeySlotPtr keySlot |
| +) { |
| + CK_MECHANISM_TYPE_PTR mech ; |
| + int counter ; |
| + |
| + xmlSecAssert2( newKeySlot != NULL , -1 ) ; |
| + xmlSecAssert2( keySlot != NULL , -1 ) ; |
| + |
| + if( keySlot->slot != NULL && newKeySlot->slot != keySlot->slot ) { |
| + if( newKeySlot->slot != NULL ) |
| + PK11_FreeSlot( newKeySlot->slot ) ; |
| + |
| + newKeySlot->slot = PK11_ReferenceSlot( keySlot->slot ) ; |
| + } |
| + |
| + if( keySlot->mechanismList != CK_NULL_PTR ) { |
| + xmlFree( newKeySlot->mechanismList ) ; |
| + |
| + for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ; |
| + newKeySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ; |
| + if( newKeySlot->mechanismList == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + NULL , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return( -1 ); |
| + } |
| + for( ; counter >= 0 ; counter -- ) |
| + *( newKeySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter ) ; |
| + } |
| + |
| + return( 0 ); |
| +} |
| + |
| +xmlSecNssKeySlotPtr |
| +xmlSecNssKeySlotDuplicate( |
| + xmlSecNssKeySlotPtr keySlot |
| +) { |
| + xmlSecNssKeySlotPtr newKeySlot ; |
| + int ret ; |
| + |
| + xmlSecAssert2( keySlot != NULL , NULL ) ; |
| + |
| + newKeySlot = xmlSecNssKeySlotCreate() ; |
| + if( newKeySlot == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + NULL , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return( NULL ); |
| + } |
| + |
| + if( xmlSecNssKeySlotCopy( newKeySlot, keySlot ) < 0 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + NULL , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return( NULL ); |
| + } |
| + |
| + return( newKeySlot ); |
| +} |
| + |
| +void |
| +xmlSecNssKeySlotDestroy( |
| + xmlSecNssKeySlotPtr keySlot |
| +) { |
| + xmlSecAssert( keySlot != NULL ) ; |
| + |
| + if( keySlot->mechanismList != NULL ) |
| + xmlFree( keySlot->mechanismList ) ; |
| + |
| + if( keySlot->slot != NULL ) |
| + PK11_FreeSlot( keySlot->slot ) ; |
| + |
| + xmlFree( keySlot ) ; |
| +} |
| + |
| +int |
| +xmlSecNssKeySlotBindMech( |
| + xmlSecNssKeySlotPtr keySlot , |
| + CK_MECHANISM_TYPE type |
| +) { |
| + int counter ; |
| + |
| + xmlSecAssert2( keySlot != NULL , 0 ) ; |
| + xmlSecAssert2( keySlot->slot != NULL , 0 ) ; |
| + xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ; |
| + |
| + for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) { |
| + if( *( keySlot->mechanismList + counter ) == type ) |
| + return(1) ; |
| + } |
| + |
| + return( 0 ) ; |
| +} |
| + |
| +int |
| +xmlSecNssKeySlotSupportMech( |
| + xmlSecNssKeySlotPtr keySlot , |
| + CK_MECHANISM_TYPE type |
| +) { |
| + xmlSecAssert2( keySlot != NULL , 0 ) ; |
| + xmlSecAssert2( keySlot->slot != NULL , 0 ) ; |
| + xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ; |
| + |
| + if( PK11_DoesMechanism( keySlot->slot , type ) == PR_TRUE ) { |
| + return(1); |
| + } else |
| + return(0); |
| +} |
| + |
| +void |
| +xmlSecNssKeySlotDebugDump( |
| + xmlSecNssKeySlotPtr keySlot , |
| + FILE* output |
| +) { |
| + xmlSecAssert( keySlot != NULL ) ; |
| + xmlSecAssert( output != NULL ) ; |
| + |
| + fprintf( output, "== KEY SLOT\n" ); |
| +} |
| + |
| +void |
| +xmlSecNssKeySlotDebugXmlDump( |
| + xmlSecNssKeySlotPtr keySlot , |
| + FILE* output |
| +) { |
| +} |
| + |
| +/** |
| + * Key Slot List |
| + */ |
| +#ifdef __MINGW32__ // for runtime-pseudo-reloc |
| +static struct _xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = { |
| +#else |
| +static xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = { |
| +#endif |
| + BAD_CAST "mechanism-list", |
| + (xmlSecPtrDuplicateItemMethod)xmlSecNssKeySlotDuplicate, |
| + (xmlSecPtrDestroyItemMethod)xmlSecNssKeySlotDestroy, |
| + (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugDump, |
| + (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugXmlDump, |
| +}; |
| + |
| +xmlSecPtrListId |
| +xmlSecNssKeySlotListGetKlass(void) { |
| + return(&xmlSecNssKeySlotPtrListKlass); |
| +} |
| + |
| + |
| +/*- |
| + * Global PKCS#11 crypto token repository -- Key slot list |
| + */ |
| +static xmlSecPtrListPtr _xmlSecNssKeySlotList = NULL ; |
| + |
| +PK11SlotInfo* |
| +xmlSecNssSlotGet( |
| + CK_MECHANISM_TYPE type |
| +) { |
| + PK11SlotInfo* slot = NULL ; |
| + xmlSecNssKeySlotPtr keySlot ; |
| + xmlSecSize ksSize ; |
| + xmlSecSize ksPos ; |
| + char flag ; |
| + |
| + if( _xmlSecNssKeySlotList == NULL ) { |
| + slot = PK11_GetBestSlot( type , NULL ) ; |
| + } else { |
| + ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ; |
| + |
| + /*- |
| + * Firstly, checking whether the mechanism is bound with a special slot. |
| + * If no bound slot, we try to find the first eligible slot in the list. |
| + */ |
| + for( flag = 0, ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) { |
| + keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ; |
| + if( keySlot != NULL && xmlSecNssKeySlotBindMech( keySlot, type ) ) { |
| + slot = xmlSecNssKeySlotGetSlot( keySlot ) ; |
| + flag = 2 ; |
| + } else if( flag == 0 && xmlSecNssKeySlotSupportMech( keySlot, type ) ) { |
| + slot = xmlSecNssKeySlotGetSlot( keySlot ) ; |
| + flag = 1 ; |
| + } |
| + |
| + if( flag == 2 ) |
| + break ; |
| + } |
| + if( slot != NULL ) |
| + slot = PK11_ReferenceSlot( slot ) ; |
| + } |
| + |
| + if( slot != NULL && PK11_NeedLogin( slot ) ) { |
| + if( PK11_Authenticate( slot , PR_TRUE , NULL ) != SECSuccess ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + NULL , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + PK11_FreeSlot( slot ) ; |
| + return( NULL ); |
| + } |
| + } |
| + |
| + return slot ; |
| +} |
| + |
| +int |
| +xmlSecNssSlotInitialize( |
| + void |
| +) { |
| + if( _xmlSecNssKeySlotList != NULL ) { |
| + xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ; |
| + _xmlSecNssKeySlotList = NULL ; |
| + } |
| + |
| + _xmlSecNssKeySlotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ; |
| + if( _xmlSecNssKeySlotList == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + NULL , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return( -1 ); |
| + } |
| + |
| + return(0); |
| +} |
| + |
| +void |
| +xmlSecNssSlotShutdown( |
| + void |
| +) { |
| + if( _xmlSecNssKeySlotList != NULL ) { |
| + xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ; |
| + _xmlSecNssKeySlotList = NULL ; |
| + } |
| +} |
| + |
| +int |
| +xmlSecNssSlotAdopt( |
| + PK11SlotInfo* slot, |
| + CK_MECHANISM_TYPE type |
| +) { |
| + xmlSecNssKeySlotPtr keySlot ; |
| + xmlSecSize ksSize ; |
| + xmlSecSize ksPos ; |
| + char flag ; |
| + |
| + xmlSecAssert2( _xmlSecNssKeySlotList != NULL, -1 ) ; |
| + xmlSecAssert2( slot != NULL, -1 ) ; |
| + |
| + ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ; |
| + |
| + /*- |
| + * Firstly, checking whether the slot is in the repository already. |
| + */ |
| + flag = 0 ; |
| + for( ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) { |
| + keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ; |
| + /* If find the slot in the list */ |
| + if( keySlot != NULL && xmlSecNssKeySlotGetSlot( keySlot ) == slot ) { |
| + /* If mechnism type is valid, bind the slot with the mechanism */ |
| + if( type != CKM_INVALID_MECHANISM ) { |
| + if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + NULL , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return(-1); |
| + } |
| + } |
| + |
| + flag = 1 ; |
| + } |
| + } |
| + |
| + /* If the slot do not in the list, add a new item to the list */ |
| + if( flag == 0 ) { |
| + /* Create a new KeySlot */ |
| + keySlot = xmlSecNssKeySlotCreate() ; |
| + if( keySlot == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + NULL , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return(-1); |
| + } |
| + |
| + /* Initialize the keySlot with a slot */ |
| + if( xmlSecNssKeySlotInitialize( keySlot, slot ) < 0 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + NULL , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + xmlSecNssKeySlotDestroy( keySlot ) ; |
| + return(-1); |
| + } |
| + |
| + /* If mechnism type is valid, bind the slot with the mechanism */ |
| + if( type != CKM_INVALID_MECHANISM ) { |
| + if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + NULL , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + xmlSecNssKeySlotDestroy( keySlot ) ; |
| + return(-1); |
| + } |
| + } |
| + |
| + /* Add keySlot into the list */ |
| + if( xmlSecPtrListAdd( _xmlSecNssKeySlotList, keySlot ) < 0 ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + NULL , |
| + NULL , |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + xmlSecNssKeySlotDestroy( keySlot ) ; |
| + return(-1); |
| + } |
| + } |
| + |
| + return(0); |
| +} |
| + |
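Review bot: `xmlSecNssKeySlotEnableMech`, `xmlSecNssKeySlotDisableMech` and `xmlSecNssKeySlotBindMech` walk `keySlot->mechanismList` without a NULL check, yet `xmlSecNssKeySlotCreate` zeroes the struct and `xmlSecNssKeySlotInitialize` leaves the list NULL, so the `xmlSecNssSlotAdopt` path (Initialize followed by EnableMech) and the `xmlSecNssSlotGet` lookup (BindMech on every listed slot) dereference a null pointer the first time a slot is used. Treat a NULL list as empty in each walker; in EnableMech replace the counting loop with `counter = 0 ; if( keySlot->mechanismList != NULL ) { for( ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ; }` and guard the loops in DisableMech and BindMech the same way. `xmlSecNssKeySlotSetMechList` has its condition inverted: it only copies the new list when the slot already holds one, so a freshly created slot never receives a list (and a NULL `mechanismList` argument would be walked); the test should be on the argument, `if( mechanismList != CK_NULL_PTR ) {`, with the `xmlFree` of the old list kept inside the branch. `xmlSecNssKeySlotDuplicate` leaks `newKeySlot` when `xmlSecNssKeySlotCopy` fails; add `xmlSecNssKeySlotDestroy( newKeySlot ) ;` before that `return( NULL );`.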
| --- misc/xmlsec1-1.2.14/src/nss/x509.c 2009-06-25 22:53:18.000000000 +0200 |
| +++ misc/build/xmlsec1-1.2.14/src/nss/x509.c 2009-09-21 14:02:48.642312431 +0200 |
| @@ -34,7 +34,6 @@ |
| #include <xmlsec/keys.h> |
| #include <xmlsec/keyinfo.h> |
| #include <xmlsec/keysmngr.h> |
| -#include <xmlsec/x509.h> |
| #include <xmlsec/base64.h> |
| #include <xmlsec/errors.h> |
| |
| @@ -61,33 +60,18 @@ |
| static int xmlSecNssX509CertificateNodeRead (xmlSecKeyDataPtr data, |
| xmlNodePtr node, |
| xmlSecKeyInfoCtxPtr keyInfoCtx); |
| -static int xmlSecNssX509CertificateNodeWrite (CERTCertificate* cert, |
| - xmlNodePtr node, |
| - xmlSecKeyInfoCtxPtr keyInfoCtx); |
| static int xmlSecNssX509SubjectNameNodeRead (xmlSecKeyDataPtr data, |
| xmlNodePtr node, |
| xmlSecKeyInfoCtxPtr keyInfoCtx); |
| -static int xmlSecNssX509SubjectNameNodeWrite (CERTCertificate* cert, |
| - xmlNodePtr node, |
| - xmlSecKeyInfoCtxPtr keyInfoCtx); |
| static int xmlSecNssX509IssuerSerialNodeRead (xmlSecKeyDataPtr data, |
| xmlNodePtr node, |
| xmlSecKeyInfoCtxPtr keyInfoCtx); |
| -static int xmlSecNssX509IssuerSerialNodeWrite (CERTCertificate* cert, |
| - xmlNodePtr node, |
| - xmlSecKeyInfoCtxPtr keyInfoCtx); |
| static int xmlSecNssX509SKINodeRead (xmlSecKeyDataPtr data, |
| xmlNodePtr node, |
| xmlSecKeyInfoCtxPtr keyInfoCtx); |
| -static int xmlSecNssX509SKINodeWrite (CERTCertificate* cert, |
| - xmlNodePtr node, |
| - xmlSecKeyInfoCtxPtr keyInfoCtx); |
| static int xmlSecNssX509CRLNodeRead (xmlSecKeyDataPtr data, |
| xmlNodePtr node, |
| xmlSecKeyInfoCtxPtr keyInfoCtx); |
| -static int xmlSecNssX509CRLNodeWrite (CERTSignedCrl* crl, |
| - xmlNodePtr node, |
| - xmlSecKeyInfoCtxPtr keyInfoCtx); |
| static int xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, |
| xmlSecKeyPtr key, |
| xmlSecKeyInfoCtxPtr keyInfoCtx); |
| @@ -104,9 +88,6 @@ |
| xmlSecKeyInfoCtxPtr keyInfoCtx); |
| static xmlChar* xmlSecNssX509CrlBase64DerWrite (CERTSignedCrl* crl, |
| int base64LineWrap); |
| -static xmlChar* xmlSecNssX509NameWrite (CERTName* nm); |
| -static xmlChar* xmlSecNssASN1IntegerWrite (SECItem *num); |
| -static xmlChar* xmlSecNssX509SKIWrite (CERTCertificate* cert); |
| static void xmlSecNssX509CertDebugDump (CERTCertificate* cert, |
| FILE* output); |
| static void xmlSecNssX509CertDebugXmlDump (CERTCertificate* cert, |
| @@ -752,31 +733,22 @@ |
| xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, |
| xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { |
| xmlSecKeyDataPtr data; |
| + xmlNodePtr cur; |
| + xmlChar* buf; |
| CERTCertificate* cert; |
| CERTSignedCrl* crl; |
| xmlSecSize size, pos; |
| - int content = 0; |
| - int ret; |
| |
| xmlSecAssert2(id == xmlSecNssKeyDataX509Id, -1); |
| xmlSecAssert2(key != NULL, -1); |
| xmlSecAssert2(node != NULL, -1); |
| xmlSecAssert2(keyInfoCtx != NULL, -1); |
| |
| - content = xmlSecX509DataGetNodeContent (node, 1, keyInfoCtx); |
| - if (content < 0) { |
| - xmlSecError(XMLSEC_ERRORS_HERE, |
| - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), |
| - "xmlSecX509DataGetNodeContent", |
| - XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| - "content=%d", content); |
| - return(-1); |
| - } else if(content == 0) { |
| - /* by default we are writing certificates and crls */ |
| - content = XMLSEC_X509DATA_DEFAULT; |
| + /* todo: flag in ctx remove all existing content */ |
| + if(0) { |
| + xmlNodeSetContent(node, NULL); |
| } |
| |
| - /* get x509 data */ |
| data = xmlSecKeyGetData(key, id); |
| if(data == NULL) { |
| /* no x509 data in the key */ |
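Review bot: The `if(0) { xmlNodeSetContent(node, NULL); }` block is dead code behind a constant condition; either remove it or tie it to a real flag test so the todo does not ship as an unreachable branch. Dropping the `xmlSecX509DataGetNodeContent` call also means the writer now emits X509Certificate and X509CRL unconditionally and no longer honours the child elements of the X509Data template that the old `XMLSEC_X509DATA_*_NODE` bits selected; if that is intended, a comment on the function such as `/* Writes all certificates and CRLs of the key; template children of <X509Data> are ignored. */` should say so. xmlSecNssKeyDataX509XmlWrite continues in the next hunk.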
| @@ -796,79 +768,74 @@ |
| return(-1); |
| } |
| |
| - if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) { |
| - ret = xmlSecNssX509CertificateNodeWrite(cert, node, keyInfoCtx); |
| - if(ret < 0) { |
| + /* set base64 lines size from context */ |
| + buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize); |
| + if(buf == NULL) { |
| xmlSecError(XMLSEC_ERRORS_HERE, |
| xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), |
| - "xmlSecNssX509CertificateNodeWrite", |
| + "xmlSecNssX509CertBase64DerWrite", |
| XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| - "pos=%d", pos); |
| + XMLSEC_ERRORS_NO_MESSAGE); |
| return(-1); |
| - } |
| } |
| |
| - if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) { |
| - ret = xmlSecNssX509SubjectNameNodeWrite(cert, node, keyInfoCtx); |
| - if(ret < 0) { |
| + cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs); |
| + if(cur == NULL) { |
| xmlSecError(XMLSEC_ERRORS_HERE, |
| xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), |
| - "xmlSecNssX509SubjectNameNodeWrite", |
| + "xmlSecAddChild", |
| XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| - "pos=%d", pos); |
| + "node=%s", |
| + xmlSecErrorsSafeString(xmlSecNodeX509Certificate)); |
| + xmlFree(buf); |
| return(-1); |
| - } |
| } |
| + /* todo: add \n around base64 data - from context */ |
| + /* todo: add errors check */ |
| + xmlNodeSetContent(cur, xmlSecStringCR); |
| + xmlNodeSetContent(cur, buf); |
| + xmlFree(buf); |
| + } |
| |
| - if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) { |
| - ret = xmlSecNssX509IssuerSerialNodeWrite(cert, node, keyInfoCtx); |
| - if(ret < 0) { |
| - xmlSecError(XMLSEC_ERRORS_HERE, |
| - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), |
| - "xmlSecNssX509IssuerSerialNodeWrite", |
| - XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| - "pos=%d", pos); |
| - return(-1); |
| - } |
| + /* write crls */ |
| + size = xmlSecNssKeyDataX509GetCrlsSize(data); |
| + for(pos = 0; pos < size; ++pos) { |
| + crl = xmlSecNssKeyDataX509GetCrl(data, pos); |
| + if(crl == NULL) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), |
| + "xmlSecNssKeyDataX509GetCrl", |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| + "pos=%d", pos); |
| + return(-1); |
| } |
| |
| - if((content & XMLSEC_X509DATA_SKI_NODE) != 0) { |
| - ret = xmlSecNssX509SKINodeWrite(cert, node, keyInfoCtx); |
| - if(ret < 0) { |
| - xmlSecError(XMLSEC_ERRORS_HERE, |
| - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), |
| - "xmlSecNssX509SKINodeWrite", |
| - XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| - "pos=%d", pos); |
| - return(-1); |
| - } |
| + /* set base64 lines size from context */ |
| + buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize); |
| + if(buf == NULL) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), |
| + "xmlSecNssX509CrlBase64DerWrite", |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| + XMLSEC_ERRORS_NO_MESSAGE); |
| + return(-1); |
| } |
| - } |
| |
| - /* write crls if needed */ |
| - if((content & XMLSEC_X509DATA_CRL_NODE) != 0) { |
| - size = xmlSecNssKeyDataX509GetCrlsSize(data); |
| - for(pos = 0; pos < size; ++pos) { |
| - crl = xmlSecNssKeyDataX509GetCrl(data, pos); |
| - if(crl == NULL) { |
| - xmlSecError(XMLSEC_ERRORS_HERE, |
| - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), |
| - "xmlSecNssKeyDataX509GetCrl", |
| - XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| - "pos=%d", pos); |
| - return(-1); |
| - } |
| - |
| - ret = xmlSecNssX509CRLNodeWrite(crl, node, keyInfoCtx); |
| - if(ret < 0) { |
| - xmlSecError(XMLSEC_ERRORS_HERE, |
| - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), |
| - "xmlSecNssX509CRLNodeWrite", |
| - XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| - "pos=%d", pos); |
| - return(-1); |
| - } |
| - } |
| + cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs); |
| + if(cur == NULL) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), |
| + "xmlSecAddChild", |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| + "new_node=%s", |
| + xmlSecErrorsSafeString(xmlSecNodeX509CRL)); |
| + xmlFree(buf); |
| + return(-1); |
| + } |
| + /* todo: add \n around base64 data - from context */ |
| + /* todo: add errors check */ |
| + xmlNodeSetContent(cur, xmlSecStringCR); |
| + xmlNodeSetContent(cur, buf); |
| } |
| |
| return(0); |
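Review bot: `buf` is leaked on every CRL iteration: after the final `xmlNodeSetContent(cur, buf);` in the CRL loop there is no `xmlFree(buf);`, whereas the certificate branch above and the removed `xmlSecNssX509CRLNodeWrite` helper both freed it. Add `xmlFree(buf);` directly after that second `xmlNodeSetContent` call inside the loop. The preceding `xmlNodeSetContent(cur, xmlSecStringCR);` is overwritten by the very next call in both branches, so it can be dropped or replaced by the newline handling the todo describes. The enclosing function starts in the previous hunk.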
| @@ -1057,46 +1024,6 @@ |
| return(0); |
| } |
| |
| -static int |
| -xmlSecNssX509CertificateNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { |
| - xmlChar* buf; |
| - xmlNodePtr cur; |
| - |
| - xmlSecAssert2(cert != NULL, -1); |
| - xmlSecAssert2(node != NULL, -1); |
| - xmlSecAssert2(keyInfoCtx != NULL, -1); |
| - |
| - /* set base64 lines size from context */ |
| - buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize); |
| - if(buf == NULL) { |
| - xmlSecError(XMLSEC_ERRORS_HERE, |
| - NULL, |
| - "xmlSecNssX509CertBase64DerWrite", |
| - XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| - XMLSEC_ERRORS_NO_MESSAGE); |
| - return(-1); |
| - } |
| - |
| - cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs); |
| - if(cur == NULL) { |
| - xmlSecError(XMLSEC_ERRORS_HERE, |
| - NULL, |
| - "xmlSecAddChild", |
| - XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| - "node=%s", |
| - xmlSecErrorsSafeString(xmlSecNodeX509Certificate)); |
| - xmlFree(buf); |
| - return(-1); |
| - } |
| - |
| - /* todo: add \n around base64 data - from context */ |
| - /* todo: add errors check */ |
| - xmlNodeSetContent(cur, xmlSecStringCR); |
| - xmlNodeSetContent(cur, buf); |
| - xmlFree(buf); |
| - return(0); |
| -} |
| - |
| static int |
| xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { |
| xmlSecKeyDataStorePtr x509Store; |
| @@ -1120,19 +1047,13 @@ |
| } |
| |
| subject = xmlNodeGetContent(node); |
| - if((subject == NULL) || (xmlSecIsEmptyString(subject) == 1)) { |
| - if(subject != NULL) { |
| - xmlFree(subject); |
| - } |
| - if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { |
| + if(subject == NULL) { |
| xmlSecError(XMLSEC_ERRORS_HERE, |
| xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), |
| xmlSecErrorsSafeString(xmlSecNodeGetName(node)), |
| XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, |
| XMLSEC_ERRORS_NO_MESSAGE); |
| return(-1); |
| - } |
| - return(0); |
| } |
| |
| cert = xmlSecNssX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx); |
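Review bot: The new check only rejects a NULL `subject`, so an empty or whitespace-only X509SubjectName is now handed to `xmlSecNssX509StoreFindCert` as a lookup key, and `XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE` is no longer consulted; the same change appears in the X509SKI hunk (`ski == NULL`), the X509CRL hunk (`content == NULL`) and, for a missing child element, the X509IssuerSerial hunk. If empty content is meant to be an error regardless of the flag, keep the emptiness test and the free: `if((subject == NULL) || (xmlSecIsEmptyString(subject) == 1)) { if(subject != NULL) { xmlFree(subject); } ... return(-1); }`; otherwise the flag test should stay. A one-line comment stating which behaviour was chosen would help the next reader. The enclosing function extends beyond the hunk.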
| @@ -1169,40 +1090,6 @@ |
| return(0); |
| } |
| |
| -static int |
| -xmlSecNssX509SubjectNameNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { |
| - xmlChar* buf = NULL; |
| - xmlNodePtr cur = NULL; |
| - |
| - xmlSecAssert2(cert != NULL, -1); |
| - xmlSecAssert2(node != NULL, -1); |
| - |
| - buf = xmlSecNssX509NameWrite(&(cert->subject)); |
| - if(buf == NULL) { |
| - xmlSecError(XMLSEC_ERRORS_HERE, |
| - NULL, |
| - "xmlSecNssX509NameWrite(&(cert->subject))", |
| - XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| - XMLSEC_ERRORS_NO_MESSAGE); |
| - return(-1); |
| - } |
| - |
| - cur = xmlSecAddChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs); |
| - if(cur == NULL) { |
| - xmlSecError(XMLSEC_ERRORS_HERE, |
| - NULL, |
| - "xmlSecAddChild", |
| - XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| - "node=%s", |
| - xmlSecErrorsSafeString(xmlSecNodeX509SubjectName)); |
| - xmlFree(buf); |
| - return(-1); |
| - } |
| - xmlSecNodeEncodeAndSetContent(cur, buf); |
| - xmlFree(buf); |
| - return(0); |
| -} |
| - |
| static int |
| xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { |
| xmlSecKeyDataStorePtr x509Store; |
| @@ -1228,21 +1115,9 @@ |
| } |
| |
| cur = xmlSecGetNextElementNode(node->children); |
| - if(cur == NULL) { |
| - if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { |
| - xmlSecError(XMLSEC_ERRORS_HERE, |
| - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), |
| - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), |
| - XMLSEC_ERRORS_R_NODE_NOT_FOUND, |
| - "node=%s", |
| - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); |
| - return(-1); |
| - } |
| - return(0); |
| - } |
| |
| /* the first is required node X509IssuerName */ |
| - if(!xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) { |
| + if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) { |
| xmlSecError(XMLSEC_ERRORS_HERE, |
| xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), |
| xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), |
| @@ -1336,78 +1211,6 @@ |
| return(0); |
| } |
| |
| -static int |
| -xmlSecNssX509IssuerSerialNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { |
| - xmlNodePtr cur; |
| - xmlNodePtr issuerNameNode; |
| - xmlNodePtr issuerNumberNode; |
| - xmlChar* buf; |
| - |
| - xmlSecAssert2(cert != NULL, -1); |
| - xmlSecAssert2(node != NULL, -1); |
| - |
| - /* create xml nodes */ |
| - cur = xmlSecAddChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs); |
| - if(cur == NULL) { |
| - xmlSecError(XMLSEC_ERRORS_HERE, |
| - NULL, |
| - "xmlSecAddChild", |
| - XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| - "node=%s", |
| - xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial)); |
| - return(-1); |
| - } |
| - |
| - issuerNameNode = xmlSecAddChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs); |
| - if(issuerNameNode == NULL) { |
| - xmlSecError(XMLSEC_ERRORS_HERE, |
| - NULL, |
| - "xmlSecAddChild", |
| - XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| - "node=%s", |
| - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName)); |
| - return(-1); |
| - } |
| - |
| - issuerNumberNode = xmlSecAddChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs); |
| - if(issuerNumberNode == NULL) { |
| - xmlSecError(XMLSEC_ERRORS_HERE, |
| - NULL, |
| - "xmlSecAddChild", |
| - XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| - "node=%s", |
| - xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber)); |
| - return(-1); |
| - } |
| - |
| - /* write data */ |
| - buf = xmlSecNssX509NameWrite(&(cert->issuer)); |
| - if(buf == NULL) { |
| - xmlSecError(XMLSEC_ERRORS_HERE, |
| - NULL, |
| - "xmlSecNssX509NameWrite(&(cert->issuer))", |
| - XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| - XMLSEC_ERRORS_NO_MESSAGE); |
| - return(-1); |
| - } |
| - xmlSecNodeEncodeAndSetContent(issuerNameNode, buf); |
| - xmlFree(buf); |
| - |
| - buf = xmlSecNssASN1IntegerWrite(&(cert->serialNumber)); |
| - if(buf == NULL) { |
| - xmlSecError(XMLSEC_ERRORS_HERE, |
| - NULL, |
| - "xmlSecNssASN1IntegerWrite(&(cert->serialNumber))", |
| - XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| - XMLSEC_ERRORS_NO_MESSAGE); |
| - return(-1); |
| - } |
| - xmlNodeSetContent(issuerNumberNode, buf); |
| - xmlFree(buf); |
| - |
| - return(0); |
| -} |
| - |
| static int |
| xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { |
| xmlSecKeyDataStorePtr x509Store; |
| @@ -1431,11 +1234,7 @@ |
| } |
| |
| ski = xmlNodeGetContent(node); |
| - if((ski == NULL) || (xmlSecIsEmptyString(ski) == 1)) { |
| - if(ski != NULL) { |
| - xmlFree(ski); |
| - } |
| - if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { |
| + if(ski == NULL) { |
| xmlSecError(XMLSEC_ERRORS_HERE, |
| xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), |
| xmlSecErrorsSafeString(xmlSecNodeGetName(node)), |
| @@ -1443,8 +1242,6 @@ |
| "node=%s", |
| xmlSecErrorsSafeString(xmlSecNodeX509SKI)); |
| return(-1); |
| - } |
| - return(0); |
| } |
| |
| cert = xmlSecNssX509StoreFindCert(x509Store, NULL, NULL, NULL, ski, keyInfoCtx); |
| @@ -1479,41 +1276,6 @@ |
| return(0); |
| } |
| |
| -static int |
| -xmlSecNssX509SKINodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { |
| - xmlChar *buf = NULL; |
| - xmlNodePtr cur = NULL; |
| - |
| - xmlSecAssert2(cert != NULL, -1); |
| - xmlSecAssert2(node != NULL, -1); |
| - |
| - buf = xmlSecNssX509SKIWrite(cert); |
| - if(buf == NULL) { |
| - xmlSecError(XMLSEC_ERRORS_HERE, |
| - NULL, |
| - "xmlSecNssX509SKIWrite", |
| - XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| - XMLSEC_ERRORS_NO_MESSAGE); |
| - return(-1); |
| - } |
| - |
| - cur = xmlSecAddChild(node, xmlSecNodeX509SKI, xmlSecDSigNs); |
| - if(cur == NULL) { |
| - xmlSecError(XMLSEC_ERRORS_HERE, |
| - NULL, |
| - "xmlSecAddChild", |
| - XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| - "new_node=%s", |
| - xmlSecErrorsSafeString(xmlSecNodeX509SKI)); |
| - xmlFree(buf); |
| - return(-1); |
| - } |
| - xmlSecNodeEncodeAndSetContent(cur, buf); |
| - xmlFree(buf); |
| - |
| - return(0); |
| -} |
| - |
| static int |
| xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { |
| xmlChar *content; |
| @@ -1524,19 +1286,13 @@ |
| xmlSecAssert2(keyInfoCtx != NULL, -1); |
| |
| content = xmlNodeGetContent(node); |
| - if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) { |
| - if(content != NULL) { |
| - xmlFree(content); |
| - } |
| - if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { |
| + if(content == NULL){ |
| xmlSecError(XMLSEC_ERRORS_HERE, |
| xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), |
| xmlSecErrorsSafeString(xmlSecNodeGetName(node)), |
| XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, |
| XMLSEC_ERRORS_NO_MESSAGE); |
| return(-1); |
| - } |
| - return(0); |
| } |
| |
| crl = xmlSecNssX509CrlBase64DerRead(content, keyInfoCtx); |
| @@ -1556,47 +1312,6 @@ |
| } |
| |
| static int |
| -xmlSecNssX509CRLNodeWrite(CERTSignedCrl* crl, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { |
| - xmlChar* buf = NULL; |
| - xmlNodePtr cur = NULL; |
| - |
| - xmlSecAssert2(crl != NULL, -1); |
| - xmlSecAssert2(node != NULL, -1); |
| - xmlSecAssert2(keyInfoCtx != NULL, -1); |
| - |
| - /* set base64 lines size from context */ |
| - buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize); |
| - if(buf == NULL) { |
| - xmlSecError(XMLSEC_ERRORS_HERE, |
| - NULL, |
| - "xmlSecNssX509CrlBase64DerWrite", |
| - XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| - XMLSEC_ERRORS_NO_MESSAGE); |
| - return(-1); |
| - } |
| - |
| - cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs); |
| - if(cur == NULL) { |
| - xmlSecError(XMLSEC_ERRORS_HERE, |
| - NULL, |
| - "xmlSecAddChild", |
| - XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| - "new_node=%s", |
| - xmlSecErrorsSafeString(xmlSecNodeX509CRL)); |
| - xmlFree(buf); |
| - return(-1); |
| - } |
| - /* todo: add \n around base64 data - from context */ |
| - /* todo: add errors check */ |
| - xmlNodeSetContent(cur, xmlSecStringCR); |
| - xmlNodeSetContent(cur, buf); |
| - xmlFree(buf); |
| - |
| - return(0); |
| -} |
| - |
| - |
| -static int |
| xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key, |
| xmlSecKeyInfoCtxPtr keyInfoCtx) { |
| xmlSecNssX509DataCtxPtr ctx; |
| @@ -1604,6 +1319,10 @@ |
| int ret; |
| SECStatus status; |
| PRTime notBefore, notAfter; |
| + |
| + PK11SlotInfo* slot ; |
| + SECKEYPublicKey *pubKey = NULL; |
| + SECKEYPrivateKey *priKey = NULL; |
| |
| xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), -1); |
| xmlSecAssert2(key != NULL, -1); |
| @@ -1636,10 +1355,14 @@ |
| xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), |
| "CERT_DupCertificate", |
| XMLSEC_ERRORS_R_CRYPTO_FAILED, |
| - XMLSEC_ERRORS_NO_MESSAGE); |
| + "error code=%d", PORT_GetError()); |
| return(-1); |
| } |
| - |
| + |
| + /*- |
| + * Get Public key from cert, which does not always work for sign |
| + * action. |
| + * |
| keyValue = xmlSecNssX509CertGetKey(ctx->keyCert); |
| if(keyValue == NULL) { |
| xmlSecError(XMLSEC_ERRORS_HERE, |
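Review bot: Commenting out the `xmlSecNssX509CertGetKey` call with a `/*-` block that is only closed in the next hunk leaves dead code in the source; delete the block and explain the replacement in a real comment such as `/* Key material is looked up by keyReq.keyType below instead of being extracted from the certificate. */`. Switching the CERT_DupCertificate message to `"error code=%d", PORT_GetError()` is a welcome improvement. The enclosing function continues on both sides of this hunk.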
| @@ -1649,6 +1372,54 @@ |
| XMLSEC_ERRORS_NO_MESSAGE); |
| return(-1); |
| } |
| + */ |
| + /*- |
| + * I'll search key according to KeyReq. |
| + */ |
| + slot = cert->slot ; |
| + if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) { |
| + if( ( priKey = PK11_FindPrivateKeyFromCert( slot , cert , NULL ) ) == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , |
| + "PK11_FindPrivateKeyFromCert" , |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + return -1 ; |
| + } |
| + } |
| + |
| + if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) { |
| + if( ( pubKey = CERT_ExtractPublicKey( cert ) ) == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , |
| + "CERT_ExtractPublicKey" , |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + |
| + |
| + if( priKey != NULL ) |
| + SECKEY_DestroyPrivateKey( priKey ) ; |
| + return -1 ; |
| + } |
| + } |
| + |
| + keyValue = xmlSecNssPKIAdoptKey(priKey, pubKey); |
| + if( keyValue == NULL ) { |
| + xmlSecError( XMLSEC_ERRORS_HERE , |
| + xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , |
| + "xmlSecNssPKIAdoptKey" , |
| + XMLSEC_ERRORS_R_CRYPTO_FAILED , |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + |
| + if( priKey != NULL ) |
| + SECKEY_DestroyPrivateKey( priKey ) ; |
| + |
| + if( pubKey != NULL ) |
| + SECKEY_DestroyPublicKey( pubKey ) ; |
| + |
| + return -1 ; |
| + } |
| + /* Modify keyValue get Done */ |
| |
| /* verify that the key matches our expectations */ |
| if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) { |
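Review bot: When `keyInfoCtx->keyReq.keyType` has neither the private nor the public bit set, both `priKey` and `pubKey` stay NULL and `xmlSecNssPKIAdoptKey(NULL, NULL)` is still called; unless that function is known to reject this, guard it with `if((priKey == NULL) && (pubKey == NULL)) { xmlSecError(...); return(-1); }` before the adopt. Conversely, a request whose keyType includes the private bit together with the public bit now fails outright when the token holds no private key for the certificate, even though the public half would satisfy a verify — confirm that is intended. `cert` and its `slot` are declared outside this hunk; if `cert->slot` can be NULL for certificates not backed by a token, `PK11_FindPrivateKeyFromCert` should be given an explicitly chosen slot. The `return -1 ;` and spaced parentheses differ from the `return(-1);` style used in the rest of the file; the function continues past the hunk.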
| @@ -1950,86 +1721,6 @@ |
| return(res); |
| } |
| |
| -static xmlChar* |
| -xmlSecNssX509NameWrite(CERTName* nm) { |
| - xmlChar *res = NULL; |
| - char *str; |
| - |
| - xmlSecAssert2(nm != NULL, NULL); |
| - |
| - str = CERT_NameToAscii(nm); |
| - if (str == NULL) { |
| - xmlSecError(XMLSEC_ERRORS_HERE, |
| - NULL, |
| - "CERT_NameToAscii", |
| - XMLSEC_ERRORS_R_CRYPTO_FAILED, |
| - XMLSEC_ERRORS_NO_MESSAGE); |
| - return(NULL); |
| - } |
| - |
| - res = xmlStrdup(BAD_CAST str); |
| - if(res == NULL) { |
| - xmlSecError(XMLSEC_ERRORS_HERE, |
| - NULL, |
| - "xmlStrdup", |
| - XMLSEC_ERRORS_R_MALLOC_FAILED, |
| - XMLSEC_ERRORS_NO_MESSAGE); |
| - PORT_Free(str); |
| - return(NULL); |
| - } |
| - PORT_Free(str); |
| - return(res); |
| -} |
| - |
| -static xmlChar* |
| -xmlSecNssASN1IntegerWrite(SECItem *num) { |
| - xmlChar *res = NULL; |
| - |
| - xmlSecAssert2(num != NULL, NULL); |
| - |
| - /* TODO : to be implemented after |
| - * NSS bug http://bugzilla.mozilla.org/show_bug.cgi?id=212864 is fixed |
| - */ |
| - return(res); |
| -} |
| - |
| -static xmlChar* |
| -xmlSecNssX509SKIWrite(CERTCertificate* cert) { |
| - xmlChar *res = NULL; |
| - SECItem ski; |
| - SECStatus rv; |
| - |
| - xmlSecAssert2(cert != NULL, NULL); |
| - |
| - memset(&ski, 0, sizeof(ski)); |
| - |
| - rv = CERT_FindSubjectKeyIDExtension(cert, &ski); |
| - if (rv != SECSuccess) { |
| - xmlSecError(XMLSEC_ERRORS_HERE, |
| - NULL, |
| - "CERT_FindSubjectKeyIDExtension", |
| - XMLSEC_ERRORS_R_CRYPTO_FAILED, |
| - XMLSEC_ERRORS_NO_MESSAGE); |
| - SECITEM_FreeItem(&ski, PR_FALSE); |
| - return(NULL); |
| - } |
| - |
| - res = xmlSecBase64Encode(ski.data, ski.len, 0); |
| - if(res == NULL) { |
| - xmlSecError(XMLSEC_ERRORS_HERE, |
| - NULL, |
| - "xmlSecBase64Encode", |
| - XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| - XMLSEC_ERRORS_NO_MESSAGE); |
| - SECITEM_FreeItem(&ski, PR_FALSE); |
| - return(NULL); |
| - } |
| - SECITEM_FreeItem(&ski, PR_FALSE); |
| - |
| - return(res); |
| -} |
| - |
| - |
| static void |
| xmlSecNssX509CertDebugDump(CERTCertificate* cert, FILE* output) { |
| SECItem *sn; |
| --- misc/xmlsec1-1.2.14/src/nss/x509vfy.c 2009-06-25 22:53:18.000000000 +0200 |
| +++ misc/build/xmlsec1-1.2.14/src/nss/x509vfy.c 2009-09-21 14:02:48.669245207 +0200 |
| @@ -30,6 +30,7 @@ |
| #include <xmlsec/keyinfo.h> |
| #include <xmlsec/keysmngr.h> |
| #include <xmlsec/base64.h> |
| +#include <xmlsec/bn.h> |
| #include <xmlsec/errors.h> |
| |
| #include <xmlsec/nss/crypto.h> |
| @@ -61,17 +62,7 @@ |
| |
| static int xmlSecNssX509StoreInitialize (xmlSecKeyDataStorePtr store); |
| static void xmlSecNssX509StoreFinalize (xmlSecKeyDataStorePtr store); |
| -static int xmlSecNssX509NameStringRead (xmlSecByte **str, |
| - int *strLen, |
| - xmlSecByte *res, |
| - int resLen, |
| - xmlSecByte delim, |
| - int ingoreTrailingSpaces); |
| -static xmlSecByte * xmlSecNssX509NameRead (xmlSecByte *str, |
| - int len); |
| - |
| -static void xmlSecNssNumToItem(SECItem *it, unsigned long num); |
| - |
| +static int xmlSecNssIntegerToItem( const xmlChar* integer , SECItem *it ) ; |
| |
| static xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = { |
| sizeof(xmlSecKeyDataStoreKlass), |
| @@ -339,40 +330,28 @@ |
| xmlSecNssX509FindCert(xmlChar *subjectName, xmlChar *issuerName, |
| xmlChar *issuerSerial, xmlChar *ski) { |
| CERTCertificate *cert = NULL; |
| - xmlChar *p = NULL; |
| CERTName *name = NULL; |
| SECItem *nameitem = NULL; |
| PRArenaPool *arena = NULL; |
| |
| if (subjectName != NULL) { |
| - p = xmlSecNssX509NameRead(subjectName, xmlStrlen(subjectName)); |
| - if (p == NULL) { |
| - xmlSecError(XMLSEC_ERRORS_HERE, |
| - NULL, |
| - "xmlSecNssX509NameRead", |
| - XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| - "subject=%s", |
| - xmlSecErrorsSafeString(subjectName)); |
| - goto done; |
| - } |
| - |
| arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
| if (arena == NULL) { |
| xmlSecError(XMLSEC_ERRORS_HERE, |
| NULL, |
| "PORT_NewArena", |
| XMLSEC_ERRORS_R_CRYPTO_FAILED, |
| - XMLSEC_ERRORS_NO_MESSAGE); |
| + "error code=%d", PORT_GetError()); |
| goto done; |
| } |
| |
| - name = CERT_AsciiToName((char*)p); |
| + name = CERT_AsciiToName((char*)subjectName); |
| if (name == NULL) { |
| xmlSecError(XMLSEC_ERRORS_HERE, |
| NULL, |
| "CERT_AsciiToName", |
| XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| - XMLSEC_ERRORS_NO_MESSAGE); |
| + "error code=%d", PORT_GetError()); |
| goto done; |
| } |
| |
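Review bot: Passing `subjectName` (and `issuerName` in the following hunk) straight to `CERT_AsciiToName` drops the normalisation that `xmlSecNssX509NameRead` performed on the XML text — whitespace trimming, quoted values and `\XX` hex escapes — so distinguished names that matched before may now be rejected by NSS's parser or compare differently; this behaviour change deserves a comment at the call site, e.g. `/* DN string is handed to NSS as-is; no xmlsec-side escape processing. */`, and a test with an escaped DN. The `"error code=%d", PORT_GetError()` messages are an improvement and `%d` matches the `PRInt32` error code. xmlSecNssX509FindCert continues beyond this hunk.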
| @@ -394,34 +373,23 @@ |
| if((issuerName != NULL) && (issuerSerial != NULL)) { |
| CERTIssuerAndSN issuerAndSN; |
| |
| - p = xmlSecNssX509NameRead(issuerName, xmlStrlen(issuerName)); |
| - if (p == NULL) { |
| - xmlSecError(XMLSEC_ERRORS_HERE, |
| - NULL, |
| - "xmlSecNssX509NameRead", |
| - XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| - "issuer=%s", |
| - xmlSecErrorsSafeString(issuerName)); |
| - goto done; |
| - } |
| - |
| arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); |
| if (arena == NULL) { |
| xmlSecError(XMLSEC_ERRORS_HERE, |
| NULL, |
| "PORT_NewArena", |
| XMLSEC_ERRORS_R_CRYPTO_FAILED, |
| - XMLSEC_ERRORS_NO_MESSAGE); |
| + "error code=%d", PORT_GetError()); |
| goto done; |
| } |
| |
| - name = CERT_AsciiToName((char*)p); |
| + name = CERT_AsciiToName((char*)issuerName); |
| if (name == NULL) { |
| xmlSecError(XMLSEC_ERRORS_HERE, |
| NULL, |
| "CERT_AsciiToName", |
| XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| - XMLSEC_ERRORS_NO_MESSAGE); |
| + "error code=%d", PORT_GetError()); |
| goto done; |
| } |
| |
| @@ -441,8 +409,15 @@ |
| issuerAndSN.derIssuer.data = nameitem->data; |
| issuerAndSN.derIssuer.len = nameitem->len; |
| |
| - /* TBD: serial num can be arbitrarily long */ |
| - xmlSecNssNumToItem(&issuerAndSN.serialNumber, PORT_Atoi((char *)issuerSerial)); |
| + if( xmlSecNssIntegerToItem( issuerSerial, &issuerAndSN.serialNumber ) < 0 ) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + NULL, |
| + "xmlSecNssIntegerToItem", |
| + XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| + "serial number=%s", |
| + xmlSecErrorsSafeString(issuerSerial)); |
| + goto done; |
| + } |
| |
| cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(), |
| &issuerAndSN); |
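Review bot: `xmlSecNssIntegerToItem` allocates `issuerAndSN.serialNumber.data` with `PORT_Alloc`, but nothing in the visible part of this function releases it — the `done:` block in the next hunk frees only `arena` in the lines shown, and `issuerAndSN` is scoped to this `if` block so it cannot be freed there anyway. The replaced `xmlSecNssNumToItem` path likely had the same gap, but the new helper makes the ownership explicit, so add `PORT_Free(issuerAndSN.serialNumber.data);` once `CERT_FindCertByIssuerAndSN` returns, or have the helper allocate from `arena`. Replacing `PORT_Atoi` with a big-number conversion is the right fix for long serial numbers.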
| @@ -473,9 +448,6 @@ |
| } |
| |
| done: |
| - if (p != NULL) { |
| - PORT_Free(p); |
| - } |
| if (arena != NULL) { |
| PORT_FreeArena(arena, PR_FALSE); |
| } |
| @@ -486,176 +458,6 @@ |
| return(cert); |
| } |
| |
| -static xmlSecByte * |
| -xmlSecNssX509NameRead(xmlSecByte *str, int len) { |
| - xmlSecByte name[256]; |
| - xmlSecByte value[256]; |
| - xmlSecByte *retval = NULL; |
| - xmlSecByte *p = NULL; |
| - int nameLen, valueLen; |
| - |
| - xmlSecAssert2(str != NULL, NULL); |
| - |
| - /* return string should be no longer than input string */ |
| - retval = (xmlSecByte *)PORT_Alloc(len+1); |
| - if(retval == NULL) { |
| - xmlSecError(XMLSEC_ERRORS_HERE, |
| - NULL, |
| - "PORT_Alloc", |
| - XMLSEC_ERRORS_R_MALLOC_FAILED, |
| - XMLSEC_ERRORS_NO_MESSAGE); |
| - return(NULL); |
| - } |
| - p = retval; |
| - |
| - while(len > 0) { |
| - /* skip spaces after comma or semicolon */ |
| - while((len > 0) && isspace(*str)) { |
| - ++str; --len; |
| - } |
| - |
| - nameLen = xmlSecNssX509NameStringRead(&str, &len, name, sizeof(name), '=', 0); |
| - if(nameLen < 0) { |
| - xmlSecError(XMLSEC_ERRORS_HERE, |
| - NULL, |
| - "xmlSecNssX509NameStringRead", |
| - XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| - XMLSEC_ERRORS_NO_MESSAGE); |
| - goto done; |
| - } |
| - memcpy(p, name, nameLen); |
| - p+=nameLen; |
| - *p++='='; |
| - if(len > 0) { |
| - ++str; --len; |
| - if((*str) == '\"') { |
| - valueLen = xmlSecNssX509NameStringRead(&str, &len, |
| - value, sizeof(value), '"', 1); |
| - if(valueLen < 0) { |
| - xmlSecError(XMLSEC_ERRORS_HERE, |
| - NULL, |
| - "xmlSecNssX509NameStringRead", |
| - XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| - XMLSEC_ERRORS_NO_MESSAGE); |
| - goto done; |
| - } |
| - /* skip spaces before comma or semicolon */ |
| - while((len > 0) && isspace(*str)) { |
| - ++str; --len; |
| - } |
| - if((len > 0) && ((*str) != ',')) { |
| - xmlSecError(XMLSEC_ERRORS_HERE, |
| - NULL, |
| - NULL, |
| - XMLSEC_ERRORS_R_INVALID_DATA, |
| - "comma is expected"); |
| - goto done; |
| - } |
| - if(len > 0) { |
| - ++str; --len; |
| - } |
| - *p++='\"'; |
| - memcpy(p, value, valueLen); |
| - p+=valueLen; |
| - *p++='\"'; |
| - } else if((*str) == '#') { |
| - /* TODO: read octect values */ |
| - xmlSecError(XMLSEC_ERRORS_HERE, |
| - NULL, |
| - NULL, |
| - XMLSEC_ERRORS_R_INVALID_DATA, |
| - "reading octect values is not implemented yet"); |
| - goto done; |
| - } else { |
| - valueLen = xmlSecNssX509NameStringRead(&str, &len, |
| - value, sizeof(value), ',', 1); |
| - if(valueLen < 0) { |
| - xmlSecError(XMLSEC_ERRORS_HERE, |
| - NULL, |
| - "xmlSecNssX509NameStringRead", |
| - XMLSEC_ERRORS_R_XMLSEC_FAILED, |
| - XMLSEC_ERRORS_NO_MESSAGE); |
| - goto done; |
| - } |
| - memcpy(p, value, valueLen); |
| - p+=valueLen; |
| - if (len > 0) |
| - *p++=','; |
| - } |
| - } else { |
| - valueLen = 0; |
| - } |
| - if(len > 0) { |
| - ++str; --len; |
| - } |
| - } |
| - |
| - *p = 0; |
| - return(retval); |
| - |
| -done: |
| - PORT_Free(retval); |
| - return (NULL); |
| -} |
| - |
| -static int |
| -xmlSecNssX509NameStringRead(xmlSecByte **str, int *strLen, |
| - xmlSecByte *res, int resLen, |
| - xmlSecByte delim, int ingoreTrailingSpaces) { |
| - xmlSecByte *p, *q, *nonSpace; |
| - |
| - xmlSecAssert2(str != NULL, -1); |
| - xmlSecAssert2(strLen != NULL, -1); |
| - xmlSecAssert2(res != NULL, -1); |
| - |
| - p = (*str); |
| - nonSpace = q = res; |
| - while(((p - (*str)) < (*strLen)) && ((*p) != delim) && ((q - res) < resLen)) { |
| - if((*p) != '\\') { |
| - if(ingoreTrailingSpaces && !isspace(*p)) { |
| - nonSpace = q; |
| - } |
| - *(q++) = *(p++); |
| - } else { |
| - ++p; |
| - nonSpace = q; |
| - if(xmlSecIsHex((*p))) { |
| - if((p - (*str) + 1) >= (*strLen)) { |
| - xmlSecError(XMLSEC_ERRORS_HERE, |
| - NULL, |
| - NULL, |
| - XMLSEC_ERRORS_R_INVALID_DATA, |
| - "two hex digits expected"); |
| - return(-1); |
| - } |
| - *(q++) = xmlSecGetHex(p[0]) * 16 + xmlSecGetHex(p[1]); |
| - p += 2; |
| - } else { |
| - if(((++p) - (*str)) >= (*strLen)) { |
| - xmlSecError(XMLSEC_ERRORS_HERE, |
| - NULL, |
| - NULL, |
| - XMLSEC_ERRORS_R_INVALID_DATA, |
| - "escaped symbol missed"); |
| - return(-1); |
| - } |
| - *(q++) = *(p++); |
| - } |
| - } |
| - } |
| - if(((p - (*str)) < (*strLen)) && ((*p) != delim)) { |
| - xmlSecError(XMLSEC_ERRORS_HERE, |
| - NULL, |
| - NULL, |
| - XMLSEC_ERRORS_R_INVALID_SIZE, |
| - "buffer is too small"); |
| - return(-1); |
| - } |
| - (*strLen) -= (p - (*str)); |
| - (*str) = p; |
| - return((ingoreTrailingSpaces) ? nonSpace - res + 1 : q - res); |
| -} |
| - |
| /* code lifted from NSS */ |
| static void |
| xmlSecNssNumToItem(SECItem *it, unsigned long ui) |
| @@ -699,6 +501,77 @@ |
| it->len = len; |
| PORT_Memcpy(it->data, bb + (sizeof(bb) - len), len); |
| } |
| + |
| +static int |
| +xmlSecNssIntegerToItem( |
| + const xmlChar* integer , |
| + SECItem *item |
| +) { |
| + xmlSecBn bn ; |
| + xmlSecSize i, length ; |
| + const xmlSecByte* bnInteger ; |
| + |
| + xmlSecAssert2( integer != NULL, -1 ) ; |
| + xmlSecAssert2( item != NULL, -1 ) ; |
| + |
| + if( xmlSecBnInitialize( &bn, 0 ) < 0 ) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + NULL, |
| + "xmlSecBnInitialize", |
| + XMLSEC_ERRORS_R_INVALID_DATA, |
| + XMLSEC_ERRORS_NO_MESSAGE); |
| + return -1 ; |
| + } |
| + |
| + if( xmlSecBnFromDecString( &bn, integer ) < 0 ) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + NULL, |
| + "xmlSecBnFromDecString", |
| + XMLSEC_ERRORS_R_INVALID_DATA, |
| + XMLSEC_ERRORS_NO_MESSAGE); |
| + xmlSecBnFinalize( &bn ) ; |
| + return -1 ; |
| + } |
| + |
| + length = xmlSecBnGetSize( &bn ) ; |
| + if( length <= 0 ) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + NULL, |
| + "xmlSecBnGetSize", |
| + XMLSEC_ERRORS_R_INVALID_DATA, |
| + XMLSEC_ERRORS_NO_MESSAGE); |
| + } |
| + |
| + bnInteger = xmlSecBnGetData( &bn ) ; |
| + if( bnInteger == NULL ) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + NULL, |
| + "xmlSecBnGetData", |
| + XMLSEC_ERRORS_R_INVALID_DATA, |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + xmlSecBnFinalize( &bn ) ; |
| + return -1 ; |
| + } |
| + |
| + item->data = ( unsigned char * )PORT_Alloc( length ); |
| + if( item->data == NULL ) { |
| + xmlSecError(XMLSEC_ERRORS_HERE, |
| + NULL, |
| + "PORT_Alloc", |
| + XMLSEC_ERRORS_R_INVALID_DATA, |
| + XMLSEC_ERRORS_NO_MESSAGE ) ; |
| + xmlSecBnFinalize( &bn ) ; |
| + return -1 ; |
| + } |
| + |
| + item->len = length; |
| + for( i = 0 ; i < length ; i ++ ) |
| + item->data[i] = *( bnInteger + i ) ; |
| + |
| + xmlSecBnFinalize( &bn ) ; |
| + |
| + return 0 ; |
| +} |
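Review bot: The `length <= 0` branch reports an error but falls through: `xmlSecBnFinalize` and the return are missing, so an empty big number reaches `PORT_Alloc( length )` with a zero size and sets `item->len = 0`; add `xmlSecBnFinalize( &bn ) ; return -1 ;` after that `xmlSecError` call, as the other error branches do. The byte loop can be `PORT_Memcpy( item->data, bnInteger, length ) ;`, matching the lifted NSS code above. The function also needs a header comment stating that `item->data` is allocated with `PORT_Alloc` and owned by the caller, and — to be confirmed — that `xmlSecBn` yields the bare magnitude, so a serial whose top bit is set gets no leading zero byte and may not compare equal to the DER-derived value NSS holds; check how `CERT_FindCertByIssuerAndSN` normalises its input.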
| #endif /* XMLSEC_NO_X509 */ |
| |
| |
| --- misc/xmlsec1-1.2.14/win32/Makefile.msvc 2009-06-25 22:53:18.000000000 +0200 |
| +++ misc/build/xmlsec1-1.2.14/win32/Makefile.msvc 2009-09-21 14:02:48.607277908 +0200 |
| @@ -218,6 +218,9 @@ |
| $(XMLSEC_OPENSSL_INTDIR_A)\x509vfy.obj |
| |
| XMLSEC_NSS_OBJS = \ |
| + $(XMLSEC_NSS_INTDIR)\akmngr.obj\ |
| + $(XMLSEC_NSS_INTDIR)\keywrapers.obj\ |
| + $(XMLSEC_NSS_INTDIR)\tokens.obj\ |
| $(XMLSEC_NSS_INTDIR)\app.obj\ |
| $(XMLSEC_NSS_INTDIR)\bignum.obj\ |
| $(XMLSEC_NSS_INTDIR)\ciphers.obj \ |
| @@ -253,6 +256,7 @@ |
| $(XMLSEC_NSS_INTDIR_A)\strings.obj |
| |
| XMLSEC_MSCRYPTO_OBJS = \ |
| + $(XMLSEC_MSCRYPTO_INTDIR)\akmngr.obj\ |
| $(XMLSEC_MSCRYPTO_INTDIR)\app.obj\ |
| $(XMLSEC_MSCRYPTO_INTDIR)\crypto.obj \ |
| $(XMLSEC_MSCRYPTO_INTDIR)\ciphers.obj \ |