1*cdf0e10cSrcweir--- misc/xmlsec1-1.2.14/include/xmlsec/mscrypto/Makefile.am 2009-06-25 22:53:18.000000000 +0200 2*cdf0e10cSrcweir+++ misc/build/xmlsec1-1.2.14/include/xmlsec/mscrypto/Makefile.am 2009-09-21 14:02:48.563253008 +0200 3*cdf0e10cSrcweir@@ -3,6 +3,7 @@ 4*cdf0e10cSrcweir xmlsecmscryptoincdir = $(includedir)/xmlsec1/xmlsec/mscrypto 5*cdf0e10cSrcweir 6*cdf0e10cSrcweir xmlsecmscryptoinc_HEADERS = \ 7*cdf0e10cSrcweir+akmngr.h \ 8*cdf0e10cSrcweir app.h \ 9*cdf0e10cSrcweir certkeys.h \ 10*cdf0e10cSrcweir crypto.h \ 11*cdf0e10cSrcweir--- misc/xmlsec1-1.2.14/include/xmlsec/mscrypto/Makefile.in 2009-06-25 22:53:30.000000000 +0200 12*cdf0e10cSrcweir+++ misc/build/xmlsec1-1.2.14/include/xmlsec/mscrypto/Makefile.in 2009-09-21 14:02:48.571021349 +0200 13*cdf0e10cSrcweir@@ -281,6 +281,7 @@ 14*cdf0e10cSrcweir NULL = 15*cdf0e10cSrcweir xmlsecmscryptoincdir = $(includedir)/xmlsec1/xmlsec/mscrypto 16*cdf0e10cSrcweir xmlsecmscryptoinc_HEADERS = \ 17*cdf0e10cSrcweir+akmngr.h \ 18*cdf0e10cSrcweir app.h \ 19*cdf0e10cSrcweir certkeys.h \ 20*cdf0e10cSrcweir crypto.h \ 21*cdf0e10cSrcweir--- misc/xmlsec1-1.2.14/include/xmlsec/mscrypto/akmngr.h 2009-09-21 14:07:19.052318336 +0200 22*cdf0e10cSrcweir+++ misc/build/xmlsec1-1.2.14/include/xmlsec/mscrypto/akmngr.h 2009-09-21 14:02:48.504966762 +0200 23*cdf0e10cSrcweir@@ -1 +1,71 @@ 24*cdf0e10cSrcweir-dummy 25*cdf0e10cSrcweir+/** 26*cdf0e10cSrcweir+ * XMLSec library 27*cdf0e10cSrcweir+ * 28*cdf0e10cSrcweir+ * This is free software; see Copyright file in the source 29*cdf0e10cSrcweir+ * distribution for preciese wording. 30*cdf0e10cSrcweir+ * 31*cdf0e10cSrcweir+ * Copyright .......................... 32*cdf0e10cSrcweir+ */ 33*cdf0e10cSrcweir+#ifndef __XMLSEC_MSCRYPTO_AKMNGR_H__ 34*cdf0e10cSrcweir+#define __XMLSEC_MSCRYPTO_AKMNGR_H__ 35*cdf0e10cSrcweir+ 36*cdf0e10cSrcweir+#include <windows.h> 37*cdf0e10cSrcweir+#include <wincrypt.h> 38*cdf0e10cSrcweir+ 39*cdf0e10cSrcweir+#include <xmlsec/xmlsec.h> 40*cdf0e10cSrcweir+#include <xmlsec/keys.h> 41*cdf0e10cSrcweir+#include <xmlsec/transforms.h> 42*cdf0e10cSrcweir+ 43*cdf0e10cSrcweir+#ifdef __cplusplus 44*cdf0e10cSrcweir+extern "C" { 45*cdf0e10cSrcweir+#endif /* __cplusplus */ 46*cdf0e10cSrcweir+ 47*cdf0e10cSrcweir+XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr 48*cdf0e10cSrcweir+xmlSecMSCryptoAppliedKeysMngrCreate( 49*cdf0e10cSrcweir+ HCERTSTORE keyStore , 50*cdf0e10cSrcweir+ HCERTSTORE certStore 51*cdf0e10cSrcweir+) ; 52*cdf0e10cSrcweir+ 53*cdf0e10cSrcweir+XMLSEC_CRYPTO_EXPORT int 54*cdf0e10cSrcweir+xmlSecMSCryptoAppliedKeysMngrSymKeyLoad( 55*cdf0e10cSrcweir+ xmlSecKeysMngrPtr mngr , 56*cdf0e10cSrcweir+ HCRYPTKEY symKey 57*cdf0e10cSrcweir+) ; 58*cdf0e10cSrcweir+ 59*cdf0e10cSrcweir+XMLSEC_CRYPTO_EXPORT int 60*cdf0e10cSrcweir+xmlSecMSCryptoAppliedKeysMngrPubKeyLoad( 61*cdf0e10cSrcweir+ xmlSecKeysMngrPtr mngr , 62*cdf0e10cSrcweir+ HCRYPTKEY pubKey 63*cdf0e10cSrcweir+) ; 64*cdf0e10cSrcweir+ 65*cdf0e10cSrcweir+XMLSEC_CRYPTO_EXPORT int 66*cdf0e10cSrcweir+xmlSecMSCryptoAppliedKeysMngrPriKeyLoad( 67*cdf0e10cSrcweir+ xmlSecKeysMngrPtr mngr , 68*cdf0e10cSrcweir+ HCRYPTKEY priKey 69*cdf0e10cSrcweir+) ; 70*cdf0e10cSrcweir+ 71*cdf0e10cSrcweir+XMLSEC_CRYPTO_EXPORT int 72*cdf0e10cSrcweir+xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore ( 73*cdf0e10cSrcweir+ xmlSecKeysMngrPtr mngr , 74*cdf0e10cSrcweir+ HCERTSTORE keyStore 75*cdf0e10cSrcweir+) ; 76*cdf0e10cSrcweir+ 77*cdf0e10cSrcweir+XMLSEC_CRYPTO_EXPORT int 78*cdf0e10cSrcweir+xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore ( 79*cdf0e10cSrcweir+ xmlSecKeysMngrPtr mngr , 80*cdf0e10cSrcweir+ HCERTSTORE trustedStore 81*cdf0e10cSrcweir+) ; 82*cdf0e10cSrcweir+ 83*cdf0e10cSrcweir+XMLSEC_CRYPTO_EXPORT int 84*cdf0e10cSrcweir+xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore ( 85*cdf0e10cSrcweir+ xmlSecKeysMngrPtr mngr , 86*cdf0e10cSrcweir+ HCERTSTORE untrustedStore 87*cdf0e10cSrcweir+) ; 88*cdf0e10cSrcweir+ 89*cdf0e10cSrcweir+#ifdef __cplusplus 90*cdf0e10cSrcweir+} 91*cdf0e10cSrcweir+#endif /* __cplusplus */ 92*cdf0e10cSrcweir+ 93*cdf0e10cSrcweir+#endif /* __XMLSEC_MSCRYPTO_AKMNGR_H__ */ 94*cdf0e10cSrcweir+ 95*cdf0e10cSrcweir+ 96*cdf0e10cSrcweir--- misc/xmlsec1-1.2.14/include/xmlsec/nss/Makefile.am 2009-06-25 22:53:18.000000000 +0200 97*cdf0e10cSrcweir+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/Makefile.am 2009-09-21 14:02:48.577933031 +0200 98*cdf0e10cSrcweir@@ -10,6 +10,9 @@ 99*cdf0e10cSrcweir keysstore.h \ 100*cdf0e10cSrcweir pkikeys.h \ 101*cdf0e10cSrcweir x509.h \ 102*cdf0e10cSrcweir+akmngr.h \ 103*cdf0e10cSrcweir+tokens.h \ 104*cdf0e10cSrcweir+ciphers.h \ 105*cdf0e10cSrcweir $(NULL) 106*cdf0e10cSrcweir 107*cdf0e10cSrcweir install-exec-hook: 108*cdf0e10cSrcweir--- misc/xmlsec1-1.2.14/include/xmlsec/nss/Makefile.in 2009-06-25 22:53:31.000000000 +0200 109*cdf0e10cSrcweir+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/Makefile.in 2009-09-21 14:02:48.585376325 +0200 110*cdf0e10cSrcweir@@ -288,6 +288,9 @@ 111*cdf0e10cSrcweir keysstore.h \ 112*cdf0e10cSrcweir pkikeys.h \ 113*cdf0e10cSrcweir x509.h \ 114*cdf0e10cSrcweir+akmngr.h \ 115*cdf0e10cSrcweir+tokens.h \ 116*cdf0e10cSrcweir+ciphers.h \ 117*cdf0e10cSrcweir $(NULL) 118*cdf0e10cSrcweir 119*cdf0e10cSrcweir all: all-am 120*cdf0e10cSrcweir--- misc/xmlsec1-1.2.14/include/xmlsec/nss/akmngr.h 2009-09-21 14:07:19.105517659 +0200 121*cdf0e10cSrcweir+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/akmngr.h 2009-09-21 14:02:48.510978278 +0200 122*cdf0e10cSrcweir@@ -1 +1,56 @@ 123*cdf0e10cSrcweir-dummy 124*cdf0e10cSrcweir+/** 125*cdf0e10cSrcweir+ * XMLSec library 126*cdf0e10cSrcweir+ * 127*cdf0e10cSrcweir+ * This is free software; see Copyright file in the source 128*cdf0e10cSrcweir+ * distribution for preciese wording. 129*cdf0e10cSrcweir+ * 130*cdf0e10cSrcweir+ * Copyright .......................... 131*cdf0e10cSrcweir+ */ 132*cdf0e10cSrcweir+#ifndef __XMLSEC_NSS_AKMNGR_H__ 133*cdf0e10cSrcweir+#define __XMLSEC_NSS_AKMNGR_H__ 134*cdf0e10cSrcweir+ 135*cdf0e10cSrcweir+#include <nss.h> 136*cdf0e10cSrcweir+#include <nspr.h> 137*cdf0e10cSrcweir+#include <pk11func.h> 138*cdf0e10cSrcweir+#include <cert.h> 139*cdf0e10cSrcweir+ 140*cdf0e10cSrcweir+#include <xmlsec/xmlsec.h> 141*cdf0e10cSrcweir+#include <xmlsec/keys.h> 142*cdf0e10cSrcweir+#include <xmlsec/transforms.h> 143*cdf0e10cSrcweir+ 144*cdf0e10cSrcweir+#ifdef __cplusplus 145*cdf0e10cSrcweir+extern "C" { 146*cdf0e10cSrcweir+#endif /* __cplusplus */ 147*cdf0e10cSrcweir+ 148*cdf0e10cSrcweir+XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr 149*cdf0e10cSrcweir+xmlSecNssAppliedKeysMngrCreate( 150*cdf0e10cSrcweir+ PK11SlotInfo** slots, 151*cdf0e10cSrcweir+ int cSlots, 152*cdf0e10cSrcweir+ CERTCertDBHandle* handler 153*cdf0e10cSrcweir+) ; 154*cdf0e10cSrcweir+ 155*cdf0e10cSrcweir+XMLSEC_CRYPTO_EXPORT int 156*cdf0e10cSrcweir+xmlSecNssAppliedKeysMngrSymKeyLoad( 157*cdf0e10cSrcweir+ xmlSecKeysMngrPtr mngr , 158*cdf0e10cSrcweir+ PK11SymKey* symKey 159*cdf0e10cSrcweir+) ; 160*cdf0e10cSrcweir+ 161*cdf0e10cSrcweir+XMLSEC_CRYPTO_EXPORT int 162*cdf0e10cSrcweir+xmlSecNssAppliedKeysMngrPubKeyLoad( 163*cdf0e10cSrcweir+ xmlSecKeysMngrPtr mngr , 164*cdf0e10cSrcweir+ SECKEYPublicKey* pubKey 165*cdf0e10cSrcweir+) ; 166*cdf0e10cSrcweir+ 167*cdf0e10cSrcweir+XMLSEC_CRYPTO_EXPORT int 168*cdf0e10cSrcweir+xmlSecNssAppliedKeysMngrPriKeyLoad( 169*cdf0e10cSrcweir+ xmlSecKeysMngrPtr mngr , 170*cdf0e10cSrcweir+ SECKEYPrivateKey* priKey 171*cdf0e10cSrcweir+) ; 172*cdf0e10cSrcweir+ 173*cdf0e10cSrcweir+#ifdef __cplusplus 174*cdf0e10cSrcweir+} 175*cdf0e10cSrcweir+#endif /* __cplusplus */ 176*cdf0e10cSrcweir+ 177*cdf0e10cSrcweir+#endif /* __XMLSEC_NSS_AKMNGR_H__ */ 178*cdf0e10cSrcweir+ 179*cdf0e10cSrcweir+ 180*cdf0e10cSrcweir--- misc/xmlsec1-1.2.14/include/xmlsec/nss/app.h 2009-06-25 22:53:18.000000000 +0200 181*cdf0e10cSrcweir+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/app.h 2009-09-21 14:02:48.612847068 +0200 182*cdf0e10cSrcweir@@ -22,6 +22,9 @@ 183*cdf0e10cSrcweir #include <xmlsec/keysmngr.h> 184*cdf0e10cSrcweir #include <xmlsec/transforms.h> 185*cdf0e10cSrcweir 186*cdf0e10cSrcweir+#include <xmlsec/nss/tokens.h> 187*cdf0e10cSrcweir+#include <xmlsec/nss/akmngr.h> 188*cdf0e10cSrcweir+ 189*cdf0e10cSrcweir /** 190*cdf0e10cSrcweir * Init/shutdown 191*cdf0e10cSrcweir */ 192*cdf0e10cSrcweir@@ -36,6 +39,8 @@ 193*cdf0e10cSrcweir xmlSecKeyPtr key); 194*cdf0e10cSrcweir XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrLoad (xmlSecKeysMngrPtr mngr, 195*cdf0e10cSrcweir const char* uri); 196*cdf0e10cSrcweir+XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKeySlot(xmlSecKeysMngrPtr mngr, 197*cdf0e10cSrcweir+ xmlSecNssKeySlotPtr keySlot); 198*cdf0e10cSrcweir XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrSave (xmlSecKeysMngrPtr mngr, 199*cdf0e10cSrcweir const char* filename, 200*cdf0e10cSrcweir xmlSecKeyDataType type); 201*cdf0e10cSrcweir--- misc/xmlsec1-1.2.14/include/xmlsec/nss/ciphers.h 2009-09-21 14:07:19.146496548 +0200 202*cdf0e10cSrcweir+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/ciphers.h 2009-09-21 14:02:48.516689712 +0200 203*cdf0e10cSrcweir@@ -1 +1,35 @@ 204*cdf0e10cSrcweir-dummy 205*cdf0e10cSrcweir+/** 206*cdf0e10cSrcweir+ * XMLSec library 207*cdf0e10cSrcweir+ * 208*cdf0e10cSrcweir+ * This is free software; see Copyright file in the source 209*cdf0e10cSrcweir+ * distribution for preciese wording. 210*cdf0e10cSrcweir+ * 211*cdf0e10cSrcweir+ * Copyright .......................... 212*cdf0e10cSrcweir+ */ 213*cdf0e10cSrcweir+#ifndef __XMLSEC_NSS_CIPHERS_H__ 214*cdf0e10cSrcweir+#define __XMLSEC_NSS_CIPHERS_H__ 215*cdf0e10cSrcweir+ 216*cdf0e10cSrcweir+#ifdef __cplusplus 217*cdf0e10cSrcweir+extern "C" { 218*cdf0e10cSrcweir+#endif /* __cplusplus */ 219*cdf0e10cSrcweir+ 220*cdf0e10cSrcweir+#include <xmlsec/xmlsec.h> 221*cdf0e10cSrcweir+#include <xmlsec/keys.h> 222*cdf0e10cSrcweir+#include <xmlsec/transforms.h> 223*cdf0e10cSrcweir+ 224*cdf0e10cSrcweir+ 225*cdf0e10cSrcweir+XMLSEC_CRYPTO_EXPORT int xmlSecNssSymKeyDataAdoptKey( xmlSecKeyDataPtr data, 226*cdf0e10cSrcweir+ PK11SymKey* symkey ) ; 227*cdf0e10cSrcweir+ 228*cdf0e10cSrcweir+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt( PK11SymKey* symKey ) ; 229*cdf0e10cSrcweir+ 230*cdf0e10cSrcweir+XMLSEC_CRYPTO_EXPORT PK11SymKey* xmlSecNssSymKeyDataGetKey(xmlSecKeyDataPtr data); 231*cdf0e10cSrcweir+ 232*cdf0e10cSrcweir+ 233*cdf0e10cSrcweir+#ifdef __cplusplus 234*cdf0e10cSrcweir+} 235*cdf0e10cSrcweir+#endif /* __cplusplus */ 236*cdf0e10cSrcweir+ 237*cdf0e10cSrcweir+#endif /* __XMLSEC_NSS_CIPHERS_H__ */ 238*cdf0e10cSrcweir+ 239*cdf0e10cSrcweir+ 240*cdf0e10cSrcweir--- misc/xmlsec1-1.2.14/include/xmlsec/nss/keysstore.h 2009-06-25 22:53:18.000000000 +0200 241*cdf0e10cSrcweir+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/keysstore.h 2009-09-21 14:02:48.626261748 +0200 242*cdf0e10cSrcweir@@ -16,6 +16,8 @@ 243*cdf0e10cSrcweir #endif /* __cplusplus */ 244*cdf0e10cSrcweir 245*cdf0e10cSrcweir #include <xmlsec/xmlsec.h> 246*cdf0e10cSrcweir+#include <xmlsec/keysmngr.h> 247*cdf0e10cSrcweir+#include <xmlsec/nss/tokens.h> 248*cdf0e10cSrcweir 249*cdf0e10cSrcweir /**************************************************************************** 250*cdf0e10cSrcweir * 251*cdf0e10cSrcweir@@ -31,6 +33,8 @@ 252*cdf0e10cSrcweir XMLSEC_CRYPTO_EXPORT xmlSecKeyStoreId xmlSecNssKeysStoreGetKlass (void); 253*cdf0e10cSrcweir XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKey (xmlSecKeyStorePtr store, 254*cdf0e10cSrcweir xmlSecKeyPtr key); 255*cdf0e10cSrcweir+XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKeySlot(xmlSecKeyStorePtr store, 256*cdf0e10cSrcweir+ xmlSecNssKeySlotPtr keySlot); 257*cdf0e10cSrcweir XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreLoad (xmlSecKeyStorePtr store, 258*cdf0e10cSrcweir const char *uri, 259*cdf0e10cSrcweir xmlSecKeysMngrPtr keysMngr); 260*cdf0e10cSrcweir--- misc/xmlsec1-1.2.14/include/xmlsec/nss/tokens.h 2009-09-21 14:07:19.172421448 +0200 261*cdf0e10cSrcweir+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/tokens.h 2009-09-21 14:02:48.522913605 +0200 262*cdf0e10cSrcweir@@ -1 +1,182 @@ 263*cdf0e10cSrcweir-dummy 264*cdf0e10cSrcweir+/** 265*cdf0e10cSrcweir+ * XMLSec library 266*cdf0e10cSrcweir+ * 267*cdf0e10cSrcweir+ * This is free software; see Copyright file in the source 268*cdf0e10cSrcweir+ * distribution for preciese wording. 269*cdf0e10cSrcweir+ * 270*cdf0e10cSrcweir+ * Copyright (c) 2003 Sun Microsystems, Inc. All rights reserved. 271*cdf0e10cSrcweir+ * 272*cdf0e10cSrcweir+ * Contributor(s): _____________________________ 273*cdf0e10cSrcweir+ * 274*cdf0e10cSrcweir+ */ 275*cdf0e10cSrcweir+#ifndef __XMLSEC_NSS_TOKENS_H__ 276*cdf0e10cSrcweir+#define __XMLSEC_NSS_TOKENS_H__ 277*cdf0e10cSrcweir+ 278*cdf0e10cSrcweir+#include <string.h> 279*cdf0e10cSrcweir+ 280*cdf0e10cSrcweir+#include <nss.h> 281*cdf0e10cSrcweir+#include <pk11func.h> 282*cdf0e10cSrcweir+ 283*cdf0e10cSrcweir+#include <xmlsec/xmlsec.h> 284*cdf0e10cSrcweir+#include <xmlsec/list.h> 285*cdf0e10cSrcweir+ 286*cdf0e10cSrcweir+#ifdef __cplusplus 287*cdf0e10cSrcweir+extern "C" { 288*cdf0e10cSrcweir+#endif /* __cplusplus */ 289*cdf0e10cSrcweir+ 290*cdf0e10cSrcweir+/** 291*cdf0e10cSrcweir+ * xmlSecNssKeySlotListId 292*cdf0e10cSrcweir+ * 293*cdf0e10cSrcweir+ * The crypto mechanism list klass 294*cdf0e10cSrcweir+ */ 295*cdf0e10cSrcweir+#define xmlSecNssKeySlotListId xmlSecNssKeySlotListGetKlass() 296*cdf0e10cSrcweir+XMLSEC_CRYPTO_EXPORT xmlSecPtrListId xmlSecNssKeySlotListGetKlass( void ) ; 297*cdf0e10cSrcweir+ 298*cdf0e10cSrcweir+/******************************************* 299*cdf0e10cSrcweir+ * KeySlot interfaces 300*cdf0e10cSrcweir+ *******************************************/ 301*cdf0e10cSrcweir+/** 302*cdf0e10cSrcweir+ * Internal NSS key slot data 303*cdf0e10cSrcweir+ * @mechanismList: the mechanisms that the slot bound with. 304*cdf0e10cSrcweir+ * @slot: the pkcs slot 305*cdf0e10cSrcweir+ * 306*cdf0e10cSrcweir+ * This context is located after xmlSecPtrList 307*cdf0e10cSrcweir+ */ 308*cdf0e10cSrcweir+typedef struct _xmlSecNssKeySlot xmlSecNssKeySlot ; 309*cdf0e10cSrcweir+typedef struct _xmlSecNssKeySlot* xmlSecNssKeySlotPtr ; 310*cdf0e10cSrcweir+ 311*cdf0e10cSrcweir+struct _xmlSecNssKeySlot { 312*cdf0e10cSrcweir+ CK_MECHANISM_TYPE_PTR mechanismList ; /* mech. array, NULL ternimated */ 313*cdf0e10cSrcweir+ PK11SlotInfo* slot ; 314*cdf0e10cSrcweir+} ; 315*cdf0e10cSrcweir+ 316*cdf0e10cSrcweir+XMLSEC_CRYPTO_EXPORT int 317*cdf0e10cSrcweir+xmlSecNssKeySlotSetMechList( 318*cdf0e10cSrcweir+ xmlSecNssKeySlotPtr keySlot , 319*cdf0e10cSrcweir+ CK_MECHANISM_TYPE_PTR mechanismList 320*cdf0e10cSrcweir+) ; 321*cdf0e10cSrcweir+ 322*cdf0e10cSrcweir+XMLSEC_CRYPTO_EXPORT int 323*cdf0e10cSrcweir+xmlSecNssKeySlotEnableMech( 324*cdf0e10cSrcweir+ xmlSecNssKeySlotPtr keySlot , 325*cdf0e10cSrcweir+ CK_MECHANISM_TYPE mechanism 326*cdf0e10cSrcweir+) ; 327*cdf0e10cSrcweir+ 328*cdf0e10cSrcweir+XMLSEC_CRYPTO_EXPORT int 329*cdf0e10cSrcweir+xmlSecNssKeySlotDisableMech( 330*cdf0e10cSrcweir+ xmlSecNssKeySlotPtr keySlot , 331*cdf0e10cSrcweir+ CK_MECHANISM_TYPE mechanism 332*cdf0e10cSrcweir+) ; 333*cdf0e10cSrcweir+ 334*cdf0e10cSrcweir+XMLSEC_CRYPTO_EXPORT CK_MECHANISM_TYPE_PTR 335*cdf0e10cSrcweir+xmlSecNssKeySlotGetMechList( 336*cdf0e10cSrcweir+ xmlSecNssKeySlotPtr keySlot 337*cdf0e10cSrcweir+) ; 338*cdf0e10cSrcweir+ 339*cdf0e10cSrcweir+XMLSEC_CRYPTO_EXPORT int 340*cdf0e10cSrcweir+xmlSecNssKeySlotSetSlot( 341*cdf0e10cSrcweir+ xmlSecNssKeySlotPtr keySlot , 342*cdf0e10cSrcweir+ PK11SlotInfo* slot 343*cdf0e10cSrcweir+) ; 344*cdf0e10cSrcweir+ 345*cdf0e10cSrcweir+XMLSEC_CRYPTO_EXPORT int 346*cdf0e10cSrcweir+xmlSecNssKeySlotInitialize( 347*cdf0e10cSrcweir+ xmlSecNssKeySlotPtr keySlot , 348*cdf0e10cSrcweir+ PK11SlotInfo* slot 349*cdf0e10cSrcweir+) ; 350*cdf0e10cSrcweir+ 351*cdf0e10cSrcweir+XMLSEC_CRYPTO_EXPORT void 352*cdf0e10cSrcweir+xmlSecNssKeySlotFinalize( 353*cdf0e10cSrcweir+ xmlSecNssKeySlotPtr keySlot 354*cdf0e10cSrcweir+) ; 355*cdf0e10cSrcweir+ 356*cdf0e10cSrcweir+XMLSEC_CRYPTO_EXPORT PK11SlotInfo* 357*cdf0e10cSrcweir+xmlSecNssKeySlotGetSlot( 358*cdf0e10cSrcweir+ xmlSecNssKeySlotPtr keySlot 359*cdf0e10cSrcweir+) ; 360*cdf0e10cSrcweir+ 361*cdf0e10cSrcweir+XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr 362*cdf0e10cSrcweir+xmlSecNssKeySlotCreate() ; 363*cdf0e10cSrcweir+ 364*cdf0e10cSrcweir+XMLSEC_CRYPTO_EXPORT int 365*cdf0e10cSrcweir+xmlSecNssKeySlotCopy( 366*cdf0e10cSrcweir+ xmlSecNssKeySlotPtr newKeySlot , 367*cdf0e10cSrcweir+ xmlSecNssKeySlotPtr keySlot 368*cdf0e10cSrcweir+) ; 369*cdf0e10cSrcweir+ 370*cdf0e10cSrcweir+XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr 371*cdf0e10cSrcweir+xmlSecNssKeySlotDuplicate( 372*cdf0e10cSrcweir+ xmlSecNssKeySlotPtr keySlot 373*cdf0e10cSrcweir+) ; 374*cdf0e10cSrcweir+ 375*cdf0e10cSrcweir+XMLSEC_CRYPTO_EXPORT void 376*cdf0e10cSrcweir+xmlSecNssKeySlotDestroy( 377*cdf0e10cSrcweir+ xmlSecNssKeySlotPtr keySlot 378*cdf0e10cSrcweir+) ; 379*cdf0e10cSrcweir+ 380*cdf0e10cSrcweir+XMLSEC_CRYPTO_EXPORT int 381*cdf0e10cSrcweir+xmlSecNssKeySlotBindMech( 382*cdf0e10cSrcweir+ xmlSecNssKeySlotPtr keySlot , 383*cdf0e10cSrcweir+ CK_MECHANISM_TYPE type 384*cdf0e10cSrcweir+) ; 385*cdf0e10cSrcweir+ 386*cdf0e10cSrcweir+XMLSEC_CRYPTO_EXPORT int 387*cdf0e10cSrcweir+xmlSecNssKeySlotSupportMech( 388*cdf0e10cSrcweir+ xmlSecNssKeySlotPtr keySlot , 389*cdf0e10cSrcweir+ CK_MECHANISM_TYPE type 390*cdf0e10cSrcweir+) ; 391*cdf0e10cSrcweir+ 392*cdf0e10cSrcweir+ 393*cdf0e10cSrcweir+/************************************************************************ 394*cdf0e10cSrcweir+ * PKCS#11 crypto token interfaces 395*cdf0e10cSrcweir+ * 396*cdf0e10cSrcweir+ * A PKCS#11 slot repository will be defined internally. From the 397*cdf0e10cSrcweir+ * repository, a user can specify a particular slot for a certain crypto 398*cdf0e10cSrcweir+ * mechanism. 399*cdf0e10cSrcweir+ * 400*cdf0e10cSrcweir+ * In some situation, some cryptographic operation should act in a user 401*cdf0e10cSrcweir+ * designated devices. The interfaces defined here provide the way. If 402*cdf0e10cSrcweir+ * the user do not initialize the repository distinctly, the interfaces 403*cdf0e10cSrcweir+ * use the default functions provided by NSS itself. 404*cdf0e10cSrcweir+ * 405*cdf0e10cSrcweir+ ************************************************************************/ 406*cdf0e10cSrcweir+/** 407*cdf0e10cSrcweir+ * Initialize NSS pkcs#11 slot repository 408*cdf0e10cSrcweir+ * 409*cdf0e10cSrcweir+ * Returns 0 if success or -1 if an error occurs. 410*cdf0e10cSrcweir+ */ 411*cdf0e10cSrcweir+XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotInitialize( void ) ; 412*cdf0e10cSrcweir+ 413*cdf0e10cSrcweir+/** 414*cdf0e10cSrcweir+ * Shutdown and destroy NSS pkcs#11 slot repository 415*cdf0e10cSrcweir+ */ 416*cdf0e10cSrcweir+XMLSEC_CRYPTO_EXPORT void xmlSecNssSlotShutdown() ; 417*cdf0e10cSrcweir+ 418*cdf0e10cSrcweir+/** 419*cdf0e10cSrcweir+ * Get PKCS#11 slot handler 420*cdf0e10cSrcweir+ * @type the mechanism that the slot must support. 421*cdf0e10cSrcweir+ * 422*cdf0e10cSrcweir+ * Returns a pointer to PKCS#11 slot or NULL if an error occurs. 423*cdf0e10cSrcweir+ * 424*cdf0e10cSrcweir+ * Notes: The returned handler must be destroied distinctly. 425*cdf0e10cSrcweir+ */ 426*cdf0e10cSrcweir+XMLSEC_CRYPTO_EXPORT PK11SlotInfo* xmlSecNssSlotGet( CK_MECHANISM_TYPE type ) ; 427*cdf0e10cSrcweir+ 428*cdf0e10cSrcweir+/** 429*cdf0e10cSrcweir+ * Adopt a pkcs#11 slot with a mechanism into the repository 430*cdf0e10cSrcweir+ * @slot: the pkcs#11 slot. 431*cdf0e10cSrcweir+ * @mech: the mechanism. 432*cdf0e10cSrcweir+ * 433*cdf0e10cSrcweir+ * If @mech is available( @mech != CKM_INVALID_MECHANISM ), every operation with 434*cdf0e10cSrcweir+ * this mechanism only can perform on the @slot. 435*cdf0e10cSrcweir+ * 436*cdf0e10cSrcweir+ * Returns 0 if success or -1 if an error occurs. 437*cdf0e10cSrcweir+ */ 438*cdf0e10cSrcweir+XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotAdopt( PK11SlotInfo* slot, CK_MECHANISM_TYPE mech ) ; 439*cdf0e10cSrcweir+ 440*cdf0e10cSrcweir+#ifdef __cplusplus 441*cdf0e10cSrcweir+} 442*cdf0e10cSrcweir+#endif /* __cplusplus */ 443*cdf0e10cSrcweir+ 444*cdf0e10cSrcweir+#endif /* __XMLSEC_NSS_TOKENS_H__ */ 445*cdf0e10cSrcweir+ 446*cdf0e10cSrcweir--- misc/xmlsec1-1.2.14/src/mscrypto/akmngr.c 2009-09-21 14:07:19.078910929 +0200 447*cdf0e10cSrcweir+++ misc/build/xmlsec1-1.2.14/src/mscrypto/akmngr.c 2009-09-21 14:02:48.531281225 +0200 448*cdf0e10cSrcweir@@ -1 +1,236 @@ 449*cdf0e10cSrcweir-dummy 450*cdf0e10cSrcweir+/** 451*cdf0e10cSrcweir+ * XMLSec library 452*cdf0e10cSrcweir+ * 453*cdf0e10cSrcweir+ * This is free software; see Copyright file in the source 454*cdf0e10cSrcweir+ * distribution for preciese wording. 455*cdf0e10cSrcweir+ * 456*cdf0e10cSrcweir+ * Copyright......................... 457*cdf0e10cSrcweir+ */ 458*cdf0e10cSrcweir+#include "globals.h" 459*cdf0e10cSrcweir+ 460*cdf0e10cSrcweir+#include <xmlsec/xmlsec.h> 461*cdf0e10cSrcweir+#include <xmlsec/keys.h> 462*cdf0e10cSrcweir+#include <xmlsec/keysmngr.h> 463*cdf0e10cSrcweir+#include <xmlsec/transforms.h> 464*cdf0e10cSrcweir+#include <xmlsec/errors.h> 465*cdf0e10cSrcweir+ 466*cdf0e10cSrcweir+#include <xmlsec/mscrypto/crypto.h> 467*cdf0e10cSrcweir+#include <xmlsec/mscrypto/keysstore.h> 468*cdf0e10cSrcweir+#include <xmlsec/mscrypto/akmngr.h> 469*cdf0e10cSrcweir+#include <xmlsec/mscrypto/x509.h> 470*cdf0e10cSrcweir+ 471*cdf0e10cSrcweir+/** 472*cdf0e10cSrcweir+ * xmlSecMSCryptoAppliedKeysMngrCreate: 473*cdf0e10cSrcweir+ * @hKeyStore: the pointer to key store. 474*cdf0e10cSrcweir+ * @hCertStore: the pointer to certificate database. 475*cdf0e10cSrcweir+ * 476*cdf0e10cSrcweir+ * Create and load key store and certificate database into keys manager 477*cdf0e10cSrcweir+ * 478*cdf0e10cSrcweir+ * Returns keys manager pointer on success or NULL otherwise. 479*cdf0e10cSrcweir+ */ 480*cdf0e10cSrcweir+xmlSecKeysMngrPtr 481*cdf0e10cSrcweir+xmlSecMSCryptoAppliedKeysMngrCreate( 482*cdf0e10cSrcweir+ HCERTSTORE hKeyStore , 483*cdf0e10cSrcweir+ HCERTSTORE hCertStore 484*cdf0e10cSrcweir+) { 485*cdf0e10cSrcweir+ xmlSecKeyDataStorePtr certStore = NULL ; 486*cdf0e10cSrcweir+ xmlSecKeysMngrPtr keyMngr = NULL ; 487*cdf0e10cSrcweir+ xmlSecKeyStorePtr keyStore = NULL ; 488*cdf0e10cSrcweir+ 489*cdf0e10cSrcweir+ keyStore = xmlSecKeyStoreCreate( xmlSecMSCryptoKeysStoreId ) ; 490*cdf0e10cSrcweir+ if( keyStore == NULL ) { 491*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 492*cdf0e10cSrcweir+ NULL , 493*cdf0e10cSrcweir+ "xmlSecKeyStoreCreate" , 494*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 495*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 496*cdf0e10cSrcweir+ return NULL ; 497*cdf0e10cSrcweir+ } 498*cdf0e10cSrcweir+ 499*cdf0e10cSrcweir+ /*- 500*cdf0e10cSrcweir+ * At present, MS Crypto engine do not provide a way to setup a key store. 501*cdf0e10cSrcweir+ */ 502*cdf0e10cSrcweir+ if( keyStore != NULL ) { 503*cdf0e10cSrcweir+ /*TODO: binding key store.*/ 504*cdf0e10cSrcweir+ } 505*cdf0e10cSrcweir+ 506*cdf0e10cSrcweir+ keyMngr = xmlSecKeysMngrCreate() ; 507*cdf0e10cSrcweir+ if( keyMngr == NULL ) { 508*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 509*cdf0e10cSrcweir+ NULL , 510*cdf0e10cSrcweir+ "xmlSecKeysMngrCreate" , 511*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 512*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 513*cdf0e10cSrcweir+ 514*cdf0e10cSrcweir+ xmlSecKeyStoreDestroy( keyStore ) ; 515*cdf0e10cSrcweir+ return NULL ; 516*cdf0e10cSrcweir+ } 517*cdf0e10cSrcweir+ 518*cdf0e10cSrcweir+ /*- 519*cdf0e10cSrcweir+ * Add key store to manager, from now on keys manager destroys the store if 520*cdf0e10cSrcweir+ * needed 521*cdf0e10cSrcweir+ */ 522*cdf0e10cSrcweir+ if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) { 523*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 524*cdf0e10cSrcweir+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , 525*cdf0e10cSrcweir+ "xmlSecKeysMngrAdoptKeyStore" , 526*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 527*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 528*cdf0e10cSrcweir+ 529*cdf0e10cSrcweir+ xmlSecKeyStoreDestroy( keyStore ) ; 530*cdf0e10cSrcweir+ xmlSecKeysMngrDestroy( keyMngr ) ; 531*cdf0e10cSrcweir+ return NULL ; 532*cdf0e10cSrcweir+ } 533*cdf0e10cSrcweir+ 534*cdf0e10cSrcweir+ /*- 535*cdf0e10cSrcweir+ * Initialize crypto library specific data in keys manager 536*cdf0e10cSrcweir+ */ 537*cdf0e10cSrcweir+ if( xmlSecMSCryptoKeysMngrInit( keyMngr ) < 0 ) { 538*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 539*cdf0e10cSrcweir+ NULL , 540*cdf0e10cSrcweir+ "xmlSecMSCryptoKeysMngrInit" , 541*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 542*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 543*cdf0e10cSrcweir+ 544*cdf0e10cSrcweir+ xmlSecKeysMngrDestroy( keyMngr ) ; 545*cdf0e10cSrcweir+ return NULL ; 546*cdf0e10cSrcweir+ } 547*cdf0e10cSrcweir+ 548*cdf0e10cSrcweir+ /*- 549*cdf0e10cSrcweir+ * Set certificate databse to X509 key data store 550*cdf0e10cSrcweir+ */ 551*cdf0e10cSrcweir+ /*- 552*cdf0e10cSrcweir+ * At present, MS Crypto engine do not provide a way to setup a cert store. 553*cdf0e10cSrcweir+ */ 554*cdf0e10cSrcweir+ 555*cdf0e10cSrcweir+ /*- 556*cdf0e10cSrcweir+ * Set the getKey callback 557*cdf0e10cSrcweir+ */ 558*cdf0e10cSrcweir+ keyMngr->getKey = xmlSecKeysMngrGetKey ; 559*cdf0e10cSrcweir+ 560*cdf0e10cSrcweir+ return keyMngr ; 561*cdf0e10cSrcweir+} 562*cdf0e10cSrcweir+ 563*cdf0e10cSrcweir+int 564*cdf0e10cSrcweir+xmlSecMSCryptoAppliedKeysMngrSymKeyLoad( 565*cdf0e10cSrcweir+ xmlSecKeysMngrPtr mngr , 566*cdf0e10cSrcweir+ HCRYPTKEY symKey 567*cdf0e10cSrcweir+) { 568*cdf0e10cSrcweir+ /*TODO: import the key into keys manager.*/ 569*cdf0e10cSrcweir+ return(0) ; 570*cdf0e10cSrcweir+} 571*cdf0e10cSrcweir+ 572*cdf0e10cSrcweir+int 573*cdf0e10cSrcweir+xmlSecMSCryptoAppliedKeysMngrPubKeyLoad( 574*cdf0e10cSrcweir+ xmlSecKeysMngrPtr mngr , 575*cdf0e10cSrcweir+ HCRYPTKEY pubKey 576*cdf0e10cSrcweir+) { 577*cdf0e10cSrcweir+ /*TODO: import the key into keys manager.*/ 578*cdf0e10cSrcweir+ return(0) ; 579*cdf0e10cSrcweir+} 580*cdf0e10cSrcweir+ 581*cdf0e10cSrcweir+int 582*cdf0e10cSrcweir+xmlSecMSCryptoAppliedKeysMngrPriKeyLoad( 583*cdf0e10cSrcweir+ xmlSecKeysMngrPtr mngr , 584*cdf0e10cSrcweir+ HCRYPTKEY priKey 585*cdf0e10cSrcweir+) { 586*cdf0e10cSrcweir+ /*TODO: import the key into keys manager.*/ 587*cdf0e10cSrcweir+ return(0) ; 588*cdf0e10cSrcweir+} 589*cdf0e10cSrcweir+ 590*cdf0e10cSrcweir+int 591*cdf0e10cSrcweir+xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore ( 592*cdf0e10cSrcweir+ xmlSecKeysMngrPtr mngr , 593*cdf0e10cSrcweir+ HCERTSTORE keyStore 594*cdf0e10cSrcweir+) { 595*cdf0e10cSrcweir+ xmlSecKeyDataStorePtr x509Store ; 596*cdf0e10cSrcweir+ 597*cdf0e10cSrcweir+ xmlSecAssert2( mngr != NULL, -1 ) ; 598*cdf0e10cSrcweir+ xmlSecAssert2( keyStore != NULL, -1 ) ; 599*cdf0e10cSrcweir+ 600*cdf0e10cSrcweir+ x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ; 601*cdf0e10cSrcweir+ if( x509Store == NULL ) { 602*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 603*cdf0e10cSrcweir+ NULL , 604*cdf0e10cSrcweir+ "xmlSecKeysMngrGetDataStore" , 605*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 606*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 607*cdf0e10cSrcweir+ return( -1 ) ; 608*cdf0e10cSrcweir+ } 609*cdf0e10cSrcweir+ 610*cdf0e10cSrcweir+ if( xmlSecMSCryptoX509StoreAdoptKeyStore( x509Store, keyStore ) < 0 ) { 611*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 612*cdf0e10cSrcweir+ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) , 613*cdf0e10cSrcweir+ "xmlSecMSCryptoX509StoreAdoptKeyStore" , 614*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 615*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 616*cdf0e10cSrcweir+ return( -1 ) ; 617*cdf0e10cSrcweir+ } 618*cdf0e10cSrcweir+ 619*cdf0e10cSrcweir+ return( 0 ) ; 620*cdf0e10cSrcweir+} 621*cdf0e10cSrcweir+ 622*cdf0e10cSrcweir+int 623*cdf0e10cSrcweir+xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore ( 624*cdf0e10cSrcweir+ xmlSecKeysMngrPtr mngr , 625*cdf0e10cSrcweir+ HCERTSTORE trustedStore 626*cdf0e10cSrcweir+) { 627*cdf0e10cSrcweir+ xmlSecKeyDataStorePtr x509Store ; 628*cdf0e10cSrcweir+ 629*cdf0e10cSrcweir+ xmlSecAssert2( mngr != NULL, -1 ) ; 630*cdf0e10cSrcweir+ xmlSecAssert2( trustedStore != NULL, -1 ) ; 631*cdf0e10cSrcweir+ 632*cdf0e10cSrcweir+ x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ; 633*cdf0e10cSrcweir+ if( x509Store == NULL ) { 634*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 635*cdf0e10cSrcweir+ NULL , 636*cdf0e10cSrcweir+ "xmlSecKeysMngrGetDataStore" , 637*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 638*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 639*cdf0e10cSrcweir+ return( -1 ) ; 640*cdf0e10cSrcweir+ } 641*cdf0e10cSrcweir+ 642*cdf0e10cSrcweir+ if( xmlSecMSCryptoX509StoreAdoptTrustedStore( x509Store, trustedStore ) < 0 ) { 643*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 644*cdf0e10cSrcweir+ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) , 645*cdf0e10cSrcweir+ "xmlSecMSCryptoX509StoreAdoptKeyStore" , 646*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 647*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 648*cdf0e10cSrcweir+ return( -1 ) ; 649*cdf0e10cSrcweir+ } 650*cdf0e10cSrcweir+ 651*cdf0e10cSrcweir+ return( 0 ) ; 652*cdf0e10cSrcweir+} 653*cdf0e10cSrcweir+ 654*cdf0e10cSrcweir+int 655*cdf0e10cSrcweir+xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore ( 656*cdf0e10cSrcweir+ xmlSecKeysMngrPtr mngr , 657*cdf0e10cSrcweir+ HCERTSTORE untrustedStore 658*cdf0e10cSrcweir+) { 659*cdf0e10cSrcweir+ xmlSecKeyDataStorePtr x509Store ; 660*cdf0e10cSrcweir+ 661*cdf0e10cSrcweir+ xmlSecAssert2( mngr != NULL, -1 ) ; 662*cdf0e10cSrcweir+ xmlSecAssert2( untrustedStore != NULL, -1 ) ; 663*cdf0e10cSrcweir+ 664*cdf0e10cSrcweir+ x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ; 665*cdf0e10cSrcweir+ if( x509Store == NULL ) { 666*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 667*cdf0e10cSrcweir+ NULL , 668*cdf0e10cSrcweir+ "xmlSecKeysMngrGetDataStore" , 669*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 670*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 671*cdf0e10cSrcweir+ return( -1 ) ; 672*cdf0e10cSrcweir+ } 673*cdf0e10cSrcweir+ 674*cdf0e10cSrcweir+ if( xmlSecMSCryptoX509StoreAdoptUntrustedStore( x509Store, untrustedStore ) < 0 ) { 675*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 676*cdf0e10cSrcweir+ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) , 677*cdf0e10cSrcweir+ "xmlSecMSCryptoX509StoreAdoptKeyStore" , 678*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 679*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 680*cdf0e10cSrcweir+ return( -1 ) ; 681*cdf0e10cSrcweir+ } 682*cdf0e10cSrcweir+ 683*cdf0e10cSrcweir+ return( 0 ) ; 684*cdf0e10cSrcweir+} 685*cdf0e10cSrcweir+ 686*cdf0e10cSrcweir--- misc/xmlsec1-1.2.14/src/nss/Makefile.am 2009-06-25 22:53:18.000000000 +0200 687*cdf0e10cSrcweir+++ misc/build/xmlsec1-1.2.14/src/nss/Makefile.am 2009-09-21 14:02:48.591560472 +0200 688*cdf0e10cSrcweir@@ -35,6 +35,9 @@ 689*cdf0e10cSrcweir kw_des.c \ 690*cdf0e10cSrcweir kw_aes.c \ 691*cdf0e10cSrcweir globals.h \ 692*cdf0e10cSrcweir+ akmngr.c \ 693*cdf0e10cSrcweir+ keywrapers.c \ 694*cdf0e10cSrcweir+ tokens.c \ 695*cdf0e10cSrcweir $(NULL) 696*cdf0e10cSrcweir 697*cdf0e10cSrcweir if SHAREDLIB_HACK 698*cdf0e10cSrcweir--- misc/xmlsec1-1.2.14/src/nss/Makefile.in 2009-06-25 22:53:33.000000000 +0200 699*cdf0e10cSrcweir+++ misc/build/xmlsec1-1.2.14/src/nss/Makefile.in 2009-09-21 14:02:48.599339718 +0200 700*cdf0e10cSrcweir@@ -72,7 +72,8 @@ 701*cdf0e10cSrcweir am__libxmlsec1_nss_la_SOURCES_DIST = app.c bignum.c ciphers.c crypto.c \ 702*cdf0e10cSrcweir digests.c hmac.c pkikeys.c signatures.c symkeys.c x509.c \ 703*cdf0e10cSrcweir x509vfy.c keysstore.c keytrans.c kw_des.c kw_aes.c globals.h \ 704*cdf0e10cSrcweir- ../strings.c 705*cdf0e10cSrcweir+ ../strings.c \ 706*cdf0e10cSrcweir+ akmngr.c keywrapers.c tokens.c 707*cdf0e10cSrcweir am__objects_1 = 708*cdf0e10cSrcweir @SHAREDLIB_HACK_TRUE@am__objects_2 = libxmlsec1_nss_la-strings.lo 709*cdf0e10cSrcweir am_libxmlsec1_nss_la_OBJECTS = libxmlsec1_nss_la-app.lo \ 710*cdf0e10cSrcweir@@ -83,6 +84,8 @@ 711*cdf0e10cSrcweir libxmlsec1_nss_la-x509.lo libxmlsec1_nss_la-x509vfy.lo \ 712*cdf0e10cSrcweir libxmlsec1_nss_la-keysstore.lo libxmlsec1_nss_la-keytrans.lo \ 713*cdf0e10cSrcweir libxmlsec1_nss_la-kw_des.lo libxmlsec1_nss_la-kw_aes.lo \ 714*cdf0e10cSrcweir+ libxmlsec1_nss_la-akmngr.lo libxmlsec1_nss_la-keywrapers.lo \ 715*cdf0e10cSrcweir+ libxmlsec1_nss_la-tokens.lo \ 716*cdf0e10cSrcweir $(am__objects_1) $(am__objects_2) 717*cdf0e10cSrcweir libxmlsec1_nss_la_OBJECTS = $(am_libxmlsec1_nss_la_OBJECTS) 718*cdf0e10cSrcweir libxmlsec1_nss_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ 719*cdf0e10cSrcweir@@ -333,6 +336,7 @@ 720*cdf0e10cSrcweir libxmlsec1_nss_la_SOURCES = app.c bignum.c ciphers.c crypto.c \ 721*cdf0e10cSrcweir digests.c hmac.c pkikeys.c signatures.c symkeys.c x509.c \ 722*cdf0e10cSrcweir x509vfy.c keysstore.c keytrans.c kw_des.c kw_aes.c globals.h \ 723*cdf0e10cSrcweir+ akmngr.c keywrapers.c tokens.c \ 724*cdf0e10cSrcweir $(NULL) $(am__append_1) 725*cdf0e10cSrcweir libxmlsec1_nss_la_LIBADD = \ 726*cdf0e10cSrcweir ../libxmlsec1.la \ 727*cdf0e10cSrcweir@@ -439,6 +443,9 @@ 728*cdf0e10cSrcweir @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-symkeys.Plo@am__quote@ 729*cdf0e10cSrcweir @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-x509.Plo@am__quote@ 730*cdf0e10cSrcweir @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-x509vfy.Plo@am__quote@ 731*cdf0e10cSrcweir+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-akmngr.Plo@am__quote@ 732*cdf0e10cSrcweir+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Plo@am__quote@ 733*cdf0e10cSrcweir+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-tokens.Plo@am__quote@ 734*cdf0e10cSrcweir 735*cdf0e10cSrcweir .c.o: 736*cdf0e10cSrcweir @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< 737*cdf0e10cSrcweir@@ -468,6 +475,27 @@ 738*cdf0e10cSrcweir @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ 739*cdf0e10cSrcweir @am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c 740*cdf0e10cSrcweir 741*cdf0e10cSrcweir+libxmlsec1_nss_la-akmngr.lo: akmngr.c 742*cdf0e10cSrcweir+@am__fastdepCC_TRUE@ if $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-akmngr.lo -MD -MP -MF "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo" -c -o libxmlsec1_nss_la-akmngr.lo `test -f 'akmngr.c' || echo '$(srcdir)/'`akmngr.c; \ 743*cdf0e10cSrcweir+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo" "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Plo"; else rm -f "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo"; exit 1; fi 744*cdf0e10cSrcweir+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='akmngr.c' object='libxmlsec1_nss_la-akmngr.lo' libtool=yes @AMDEPBACKSLASH@ 745*cdf0e10cSrcweir+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ 746*cdf0e10cSrcweir+@am__fastdepCC_FALSE@ $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-akmngr.lo `test -f 'akmngr.c' || echo '$(srcdir)/'`akmngr.c 747*cdf0e10cSrcweir+ 748*cdf0e10cSrcweir+libxmlsec1_nss_la-keywrapers.lo: keywrapers.c 749*cdf0e10cSrcweir+@am__fastdepCC_TRUE@ if $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-keywrapers.lo -MD -MP -MF "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Tpo" -c -o libxmlsec1_nss_la-keywrapers.lo `test -f 'keywrapers.c' || echo '$(srcdir)/'`keywrapers.c; \ 750*cdf0e10cSrcweir+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Tpo" "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Plo"; else rm -f "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Tpo"; exit 1; fi 751*cdf0e10cSrcweir+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='keywrapers.c' object='libxmlsec1_nss_la-keywrapers.lo' libtool=yes @AMDEPBACKSLASH@ 752*cdf0e10cSrcweir+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ 753*cdf0e10cSrcweir+@am__fastdepCC_FALSE@ $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-keywrapers.lo `test -f 'keywrapers.c' || echo '$(srcdir)/'`keywrapers.c 754*cdf0e10cSrcweir+ 755*cdf0e10cSrcweir+libxmlsec1_nss_la-tokens.lo: tokens.c 756*cdf0e10cSrcweir+@am__fastdepCC_TRUE@ if $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-tokens.lo -MD -MP -MF "$(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo" -c -o libxmlsec1_nss_la-tokens.lo `test -f 'tokens.c' || echo '$(srcdir)/'`tokens.c; \ 757*cdf0e10cSrcweir+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo" "$(DEPDIR)/libxmlsec1_nss_la-tokens.Plo"; else rm -f "$(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo"; exit 1; fi 758*cdf0e10cSrcweir+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tokens.c' object='libxmlsec1_nss_la-tokens.lo' libtool=yes @AMDEPBACKSLASH@ 759*cdf0e10cSrcweir+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ 760*cdf0e10cSrcweir+@am__fastdepCC_FALSE@ $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-tokens.lo `test -f 'tokens.c' || echo '$(srcdir)/'`tokens.c 761*cdf0e10cSrcweir+ 762*cdf0e10cSrcweir libxmlsec1_nss_la-bignum.lo: bignum.c 763*cdf0e10cSrcweir @am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-bignum.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo -c -o libxmlsec1_nss_la-bignum.lo `test -f 'bignum.c' || echo '$(srcdir)/'`bignum.c 764*cdf0e10cSrcweir @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo $(DEPDIR)/libxmlsec1_nss_la-bignum.Plo 765*cdf0e10cSrcweir--- misc/xmlsec1-1.2.14/src/nss/akmngr.c 2009-09-21 14:07:19.197249962 +0200 766*cdf0e10cSrcweir+++ misc/build/xmlsec1-1.2.14/src/nss/akmngr.c 2009-09-21 14:02:48.539616129 +0200 767*cdf0e10cSrcweir@@ -1 +1,384 @@ 768*cdf0e10cSrcweir-dummy 769*cdf0e10cSrcweir+/** 770*cdf0e10cSrcweir+ * XMLSec library 771*cdf0e10cSrcweir+ * 772*cdf0e10cSrcweir+ * This is free software; see Copyright file in the source 773*cdf0e10cSrcweir+ * distribution for preciese wording. 774*cdf0e10cSrcweir+ * 775*cdf0e10cSrcweir+ * Copyright......................... 776*cdf0e10cSrcweir+ */ 777*cdf0e10cSrcweir+#include "globals.h" 778*cdf0e10cSrcweir+ 779*cdf0e10cSrcweir+#include <nspr.h> 780*cdf0e10cSrcweir+#include <nss.h> 781*cdf0e10cSrcweir+#include <pk11func.h> 782*cdf0e10cSrcweir+#include <cert.h> 783*cdf0e10cSrcweir+#include <keyhi.h> 784*cdf0e10cSrcweir+ 785*cdf0e10cSrcweir+#include <xmlsec/xmlsec.h> 786*cdf0e10cSrcweir+#include <xmlsec/keys.h> 787*cdf0e10cSrcweir+#include <xmlsec/transforms.h> 788*cdf0e10cSrcweir+#include <xmlsec/errors.h> 789*cdf0e10cSrcweir+ 790*cdf0e10cSrcweir+#include <xmlsec/nss/crypto.h> 791*cdf0e10cSrcweir+#include <xmlsec/nss/tokens.h> 792*cdf0e10cSrcweir+#include <xmlsec/nss/akmngr.h> 793*cdf0e10cSrcweir+#include <xmlsec/nss/pkikeys.h> 794*cdf0e10cSrcweir+#include <xmlsec/nss/ciphers.h> 795*cdf0e10cSrcweir+#include <xmlsec/nss/keysstore.h> 796*cdf0e10cSrcweir+ 797*cdf0e10cSrcweir+/** 798*cdf0e10cSrcweir+ * xmlSecNssAppliedKeysMngrCreate: 799*cdf0e10cSrcweir+ * @slot: array of pointers to NSS PKCS#11 slot infomation. 800*cdf0e10cSrcweir+ * @cSlots: number of slots in the array 801*cdf0e10cSrcweir+ * @handler: the pointer to NSS certificate database. 802*cdf0e10cSrcweir+ * 803*cdf0e10cSrcweir+ * Create and load NSS crypto slot and certificate database into keys manager 804*cdf0e10cSrcweir+ * 805*cdf0e10cSrcweir+ * Returns keys manager pointer on success or NULL otherwise. 806*cdf0e10cSrcweir+ */ 807*cdf0e10cSrcweir+xmlSecKeysMngrPtr 808*cdf0e10cSrcweir+xmlSecNssAppliedKeysMngrCreate( 809*cdf0e10cSrcweir+ PK11SlotInfo** slots, 810*cdf0e10cSrcweir+ int cSlots, 811*cdf0e10cSrcweir+ CERTCertDBHandle* handler 812*cdf0e10cSrcweir+) { 813*cdf0e10cSrcweir+ xmlSecKeyDataStorePtr certStore = NULL ; 814*cdf0e10cSrcweir+ xmlSecKeysMngrPtr keyMngr = NULL ; 815*cdf0e10cSrcweir+ xmlSecKeyStorePtr keyStore = NULL ; 816*cdf0e10cSrcweir+ int islot = 0; 817*cdf0e10cSrcweir+ keyStore = xmlSecKeyStoreCreate( xmlSecNssKeysStoreId ) ; 818*cdf0e10cSrcweir+ if( keyStore == NULL ) { 819*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 820*cdf0e10cSrcweir+ NULL , 821*cdf0e10cSrcweir+ "xmlSecKeyStoreCreate" , 822*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 823*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 824*cdf0e10cSrcweir+ return NULL ; 825*cdf0e10cSrcweir+ } 826*cdf0e10cSrcweir+ 827*cdf0e10cSrcweir+ for (islot = 0; islot < cSlots; islot++) 828*cdf0e10cSrcweir+ { 829*cdf0e10cSrcweir+ xmlSecNssKeySlotPtr keySlot ; 830*cdf0e10cSrcweir+ 831*cdf0e10cSrcweir+ /* Create a key slot */ 832*cdf0e10cSrcweir+ keySlot = xmlSecNssKeySlotCreate() ; 833*cdf0e10cSrcweir+ if( keySlot == NULL ) { 834*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 835*cdf0e10cSrcweir+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , 836*cdf0e10cSrcweir+ "xmlSecNssKeySlotCreate" , 837*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 838*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 839*cdf0e10cSrcweir+ 840*cdf0e10cSrcweir+ xmlSecKeyStoreDestroy( keyStore ) ; 841*cdf0e10cSrcweir+ return NULL ; 842*cdf0e10cSrcweir+ } 843*cdf0e10cSrcweir+ 844*cdf0e10cSrcweir+ /* Set slot */ 845*cdf0e10cSrcweir+ if( xmlSecNssKeySlotSetSlot( keySlot , slots[islot] ) < 0 ) { 846*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 847*cdf0e10cSrcweir+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , 848*cdf0e10cSrcweir+ "xmlSecNssKeySlotSetSlot" , 849*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 850*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 851*cdf0e10cSrcweir+ 852*cdf0e10cSrcweir+ xmlSecKeyStoreDestroy( keyStore ) ; 853*cdf0e10cSrcweir+ xmlSecNssKeySlotDestroy( keySlot ) ; 854*cdf0e10cSrcweir+ return NULL ; 855*cdf0e10cSrcweir+ } 856*cdf0e10cSrcweir+ 857*cdf0e10cSrcweir+ /* Adopt keySlot */ 858*cdf0e10cSrcweir+ if( xmlSecNssKeysStoreAdoptKeySlot( keyStore , keySlot ) < 0 ) { 859*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 860*cdf0e10cSrcweir+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , 861*cdf0e10cSrcweir+ "xmlSecNssKeysStoreAdoptKeySlot" , 862*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 863*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 864*cdf0e10cSrcweir+ 865*cdf0e10cSrcweir+ xmlSecKeyStoreDestroy( keyStore ) ; 866*cdf0e10cSrcweir+ xmlSecNssKeySlotDestroy( keySlot ) ; 867*cdf0e10cSrcweir+ return NULL ; 868*cdf0e10cSrcweir+ } 869*cdf0e10cSrcweir+ } 870*cdf0e10cSrcweir+ 871*cdf0e10cSrcweir+ keyMngr = xmlSecKeysMngrCreate() ; 872*cdf0e10cSrcweir+ if( keyMngr == NULL ) { 873*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 874*cdf0e10cSrcweir+ NULL , 875*cdf0e10cSrcweir+ "xmlSecKeysMngrCreate" , 876*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 877*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 878*cdf0e10cSrcweir+ 879*cdf0e10cSrcweir+ xmlSecKeyStoreDestroy( keyStore ) ; 880*cdf0e10cSrcweir+ return NULL ; 881*cdf0e10cSrcweir+ } 882*cdf0e10cSrcweir+ 883*cdf0e10cSrcweir+ /*- 884*cdf0e10cSrcweir+ * Add key store to manager, from now on keys manager destroys the store if 885*cdf0e10cSrcweir+ * needed 886*cdf0e10cSrcweir+ */ 887*cdf0e10cSrcweir+ if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) { 888*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 889*cdf0e10cSrcweir+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , 890*cdf0e10cSrcweir+ "xmlSecKeysMngrAdoptKeyStore" , 891*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 892*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 893*cdf0e10cSrcweir+ 894*cdf0e10cSrcweir+ xmlSecKeyStoreDestroy( keyStore ) ; 895*cdf0e10cSrcweir+ xmlSecKeysMngrDestroy( keyMngr ) ; 896*cdf0e10cSrcweir+ return NULL ; 897*cdf0e10cSrcweir+ } 898*cdf0e10cSrcweir+ 899*cdf0e10cSrcweir+ /*- 900*cdf0e10cSrcweir+ * Initialize crypto library specific data in keys manager 901*cdf0e10cSrcweir+ */ 902*cdf0e10cSrcweir+ if( xmlSecNssKeysMngrInit( keyMngr ) < 0 ) { 903*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 904*cdf0e10cSrcweir+ NULL , 905*cdf0e10cSrcweir+ "xmlSecKeysMngrCreate" , 906*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 907*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 908*cdf0e10cSrcweir+ 909*cdf0e10cSrcweir+ xmlSecKeysMngrDestroy( keyMngr ) ; 910*cdf0e10cSrcweir+ return NULL ; 911*cdf0e10cSrcweir+ } 912*cdf0e10cSrcweir+ 913*cdf0e10cSrcweir+ /*- 914*cdf0e10cSrcweir+ * Set certificate databse to X509 key data store 915*cdf0e10cSrcweir+ */ 916*cdf0e10cSrcweir+ /** 917*cdf0e10cSrcweir+ * Because Tej's implementation of certDB use the default DB, so I ignore 918*cdf0e10cSrcweir+ * the certDB handler at present. I'll modify the cert store sources to 919*cdf0e10cSrcweir+ * accept particular certDB instead of default ones. 920*cdf0e10cSrcweir+ certStore = xmlSecKeysMngrGetDataStore( keyMngr , xmlSecNssKeyDataStoreX509Id ) ; 921*cdf0e10cSrcweir+ if( certStore == NULL ) { 922*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 923*cdf0e10cSrcweir+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , 924*cdf0e10cSrcweir+ "xmlSecKeysMngrGetDataStore" , 925*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 926*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 927*cdf0e10cSrcweir+ 928*cdf0e10cSrcweir+ xmlSecKeysMngrDestroy( keyMngr ) ; 929*cdf0e10cSrcweir+ return NULL ; 930*cdf0e10cSrcweir+ } 931*cdf0e10cSrcweir+ 932*cdf0e10cSrcweir+ if( xmlSecNssKeyDataStoreX509SetCertDb( certStore , handler ) < 0 ) { 933*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 934*cdf0e10cSrcweir+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , 935*cdf0e10cSrcweir+ "xmlSecNssKeyDataStoreX509SetCertDb" , 936*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 937*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 938*cdf0e10cSrcweir+ 939*cdf0e10cSrcweir+ xmlSecKeysMngrDestroy( keyMngr ) ; 940*cdf0e10cSrcweir+ return NULL ; 941*cdf0e10cSrcweir+ } 942*cdf0e10cSrcweir+ */ 943*cdf0e10cSrcweir+ 944*cdf0e10cSrcweir+ /*- 945*cdf0e10cSrcweir+ * Set the getKey callback 946*cdf0e10cSrcweir+ */ 947*cdf0e10cSrcweir+ keyMngr->getKey = xmlSecKeysMngrGetKey ; 948*cdf0e10cSrcweir+ 949*cdf0e10cSrcweir+ return keyMngr ; 950*cdf0e10cSrcweir+} 951*cdf0e10cSrcweir+ 952*cdf0e10cSrcweir+int 953*cdf0e10cSrcweir+xmlSecNssAppliedKeysMngrSymKeyLoad( 954*cdf0e10cSrcweir+ xmlSecKeysMngrPtr mngr , 955*cdf0e10cSrcweir+ PK11SymKey* symKey 956*cdf0e10cSrcweir+) { 957*cdf0e10cSrcweir+ xmlSecKeyPtr key ; 958*cdf0e10cSrcweir+ xmlSecKeyDataPtr data ; 959*cdf0e10cSrcweir+ xmlSecKeyStorePtr keyStore ; 960*cdf0e10cSrcweir+ 961*cdf0e10cSrcweir+ xmlSecAssert2( mngr != NULL , -1 ) ; 962*cdf0e10cSrcweir+ xmlSecAssert2( symKey != NULL , -1 ) ; 963*cdf0e10cSrcweir+ 964*cdf0e10cSrcweir+ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ; 965*cdf0e10cSrcweir+ if( keyStore == NULL ) { 966*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 967*cdf0e10cSrcweir+ NULL , 968*cdf0e10cSrcweir+ "xmlSecKeysMngrGetKeysStore" , 969*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 970*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 971*cdf0e10cSrcweir+ return(-1) ; 972*cdf0e10cSrcweir+ } 973*cdf0e10cSrcweir+ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ; 974*cdf0e10cSrcweir+ 975*cdf0e10cSrcweir+ data = xmlSecNssSymKeyDataKeyAdopt( symKey ) ; 976*cdf0e10cSrcweir+ if( data == NULL ) { 977*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 978*cdf0e10cSrcweir+ NULL , 979*cdf0e10cSrcweir+ "xmlSecNssSymKeyDataKeyAdopt" , 980*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 981*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 982*cdf0e10cSrcweir+ return(-1) ; 983*cdf0e10cSrcweir+ } 984*cdf0e10cSrcweir+ 985*cdf0e10cSrcweir+ key = xmlSecKeyCreate() ; 986*cdf0e10cSrcweir+ if( key == NULL ) { 987*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 988*cdf0e10cSrcweir+ NULL , 989*cdf0e10cSrcweir+ "xmlSecNssSymKeyDataKeyAdopt" , 990*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 991*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 992*cdf0e10cSrcweir+ xmlSecKeyDataDestroy( data ) ; 993*cdf0e10cSrcweir+ return(-1) ; 994*cdf0e10cSrcweir+ } 995*cdf0e10cSrcweir+ 996*cdf0e10cSrcweir+ if( xmlSecKeySetValue( key , data ) < 0 ) { 997*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 998*cdf0e10cSrcweir+ NULL , 999*cdf0e10cSrcweir+ "xmlSecNssSymKeyDataKeyAdopt" , 1000*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1001*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1002*cdf0e10cSrcweir+ xmlSecKeyDataDestroy( data ) ; 1003*cdf0e10cSrcweir+ return(-1) ; 1004*cdf0e10cSrcweir+ } 1005*cdf0e10cSrcweir+ 1006*cdf0e10cSrcweir+ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) { 1007*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 1008*cdf0e10cSrcweir+ NULL , 1009*cdf0e10cSrcweir+ "xmlSecNssSymKeyDataKeyAdopt" , 1010*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1011*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1012*cdf0e10cSrcweir+ xmlSecKeyDestroy( key ) ; 1013*cdf0e10cSrcweir+ return(-1) ; 1014*cdf0e10cSrcweir+ } 1015*cdf0e10cSrcweir+ 1016*cdf0e10cSrcweir+ return(0) ; 1017*cdf0e10cSrcweir+} 1018*cdf0e10cSrcweir+ 1019*cdf0e10cSrcweir+int 1020*cdf0e10cSrcweir+xmlSecNssAppliedKeysMngrPubKeyLoad( 1021*cdf0e10cSrcweir+ xmlSecKeysMngrPtr mngr , 1022*cdf0e10cSrcweir+ SECKEYPublicKey* pubKey 1023*cdf0e10cSrcweir+) { 1024*cdf0e10cSrcweir+ xmlSecKeyPtr key ; 1025*cdf0e10cSrcweir+ xmlSecKeyDataPtr data ; 1026*cdf0e10cSrcweir+ xmlSecKeyStorePtr keyStore ; 1027*cdf0e10cSrcweir+ 1028*cdf0e10cSrcweir+ xmlSecAssert2( mngr != NULL , -1 ) ; 1029*cdf0e10cSrcweir+ xmlSecAssert2( pubKey != NULL , -1 ) ; 1030*cdf0e10cSrcweir+ 1031*cdf0e10cSrcweir+ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ; 1032*cdf0e10cSrcweir+ if( keyStore == NULL ) { 1033*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 1034*cdf0e10cSrcweir+ NULL , 1035*cdf0e10cSrcweir+ "xmlSecKeysMngrGetKeysStore" , 1036*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1037*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1038*cdf0e10cSrcweir+ return(-1) ; 1039*cdf0e10cSrcweir+ } 1040*cdf0e10cSrcweir+ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ; 1041*cdf0e10cSrcweir+ 1042*cdf0e10cSrcweir+ data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ; 1043*cdf0e10cSrcweir+ if( data == NULL ) { 1044*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 1045*cdf0e10cSrcweir+ NULL , 1046*cdf0e10cSrcweir+ "xmlSecNssPKIAdoptKey" , 1047*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1048*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1049*cdf0e10cSrcweir+ return(-1) ; 1050*cdf0e10cSrcweir+ } 1051*cdf0e10cSrcweir+ 1052*cdf0e10cSrcweir+ key = xmlSecKeyCreate() ; 1053*cdf0e10cSrcweir+ if( key == NULL ) { 1054*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 1055*cdf0e10cSrcweir+ NULL , 1056*cdf0e10cSrcweir+ "xmlSecNssSymKeyDataKeyAdopt" , 1057*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1058*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1059*cdf0e10cSrcweir+ xmlSecKeyDataDestroy( data ) ; 1060*cdf0e10cSrcweir+ return(-1) ; 1061*cdf0e10cSrcweir+ } 1062*cdf0e10cSrcweir+ 1063*cdf0e10cSrcweir+ if( xmlSecKeySetValue( key , data ) < 0 ) { 1064*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 1065*cdf0e10cSrcweir+ NULL , 1066*cdf0e10cSrcweir+ "xmlSecNssSymKeyDataKeyAdopt" , 1067*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1068*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1069*cdf0e10cSrcweir+ xmlSecKeyDataDestroy( data ) ; 1070*cdf0e10cSrcweir+ return(-1) ; 1071*cdf0e10cSrcweir+ } 1072*cdf0e10cSrcweir+ 1073*cdf0e10cSrcweir+ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) { 1074*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 1075*cdf0e10cSrcweir+ NULL , 1076*cdf0e10cSrcweir+ "xmlSecNssSymKeyDataKeyAdopt" , 1077*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1078*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1079*cdf0e10cSrcweir+ xmlSecKeyDestroy( key ) ; 1080*cdf0e10cSrcweir+ return(-1) ; 1081*cdf0e10cSrcweir+ } 1082*cdf0e10cSrcweir+ 1083*cdf0e10cSrcweir+ return(0) ; 1084*cdf0e10cSrcweir+} 1085*cdf0e10cSrcweir+ 1086*cdf0e10cSrcweir+int 1087*cdf0e10cSrcweir+xmlSecNssAppliedKeysMngrPriKeyLoad( 1088*cdf0e10cSrcweir+ xmlSecKeysMngrPtr mngr , 1089*cdf0e10cSrcweir+ SECKEYPrivateKey* priKey 1090*cdf0e10cSrcweir+) { 1091*cdf0e10cSrcweir+ xmlSecKeyPtr key ; 1092*cdf0e10cSrcweir+ xmlSecKeyDataPtr data ; 1093*cdf0e10cSrcweir+ xmlSecKeyStorePtr keyStore ; 1094*cdf0e10cSrcweir+ 1095*cdf0e10cSrcweir+ xmlSecAssert2( mngr != NULL , -1 ) ; 1096*cdf0e10cSrcweir+ xmlSecAssert2( priKey != NULL , -1 ) ; 1097*cdf0e10cSrcweir+ 1098*cdf0e10cSrcweir+ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ; 1099*cdf0e10cSrcweir+ if( keyStore == NULL ) { 1100*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 1101*cdf0e10cSrcweir+ NULL , 1102*cdf0e10cSrcweir+ "xmlSecKeysMngrGetKeysStore" , 1103*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1104*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1105*cdf0e10cSrcweir+ return(-1) ; 1106*cdf0e10cSrcweir+ } 1107*cdf0e10cSrcweir+ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ; 1108*cdf0e10cSrcweir+ 1109*cdf0e10cSrcweir+ data = xmlSecNssPKIAdoptKey( priKey, NULL ) ; 1110*cdf0e10cSrcweir+ if( data == NULL ) { 1111*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 1112*cdf0e10cSrcweir+ NULL , 1113*cdf0e10cSrcweir+ "xmlSecNssPKIAdoptKey" , 1114*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1115*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1116*cdf0e10cSrcweir+ return(-1) ; 1117*cdf0e10cSrcweir+ } 1118*cdf0e10cSrcweir+ 1119*cdf0e10cSrcweir+ key = xmlSecKeyCreate() ; 1120*cdf0e10cSrcweir+ if( key == NULL ) { 1121*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 1122*cdf0e10cSrcweir+ NULL , 1123*cdf0e10cSrcweir+ "xmlSecNssSymKeyDataKeyAdopt" , 1124*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1125*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1126*cdf0e10cSrcweir+ xmlSecKeyDataDestroy( data ) ; 1127*cdf0e10cSrcweir+ return(-1) ; 1128*cdf0e10cSrcweir+ } 1129*cdf0e10cSrcweir+ 1130*cdf0e10cSrcweir+ if( xmlSecKeySetValue( key , data ) < 0 ) { 1131*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 1132*cdf0e10cSrcweir+ NULL , 1133*cdf0e10cSrcweir+ "xmlSecNssSymKeyDataKeyAdopt" , 1134*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1135*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1136*cdf0e10cSrcweir+ xmlSecKeyDataDestroy( data ) ; 1137*cdf0e10cSrcweir+ return(-1) ; 1138*cdf0e10cSrcweir+ } 1139*cdf0e10cSrcweir+ 1140*cdf0e10cSrcweir+ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) { 1141*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 1142*cdf0e10cSrcweir+ NULL , 1143*cdf0e10cSrcweir+ "xmlSecNssSymKeyDataKeyAdopt" , 1144*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1145*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1146*cdf0e10cSrcweir+ xmlSecKeyDestroy( key ) ; 1147*cdf0e10cSrcweir+ return(-1) ; 1148*cdf0e10cSrcweir+ } 1149*cdf0e10cSrcweir+ 1150*cdf0e10cSrcweir+ return(0) ; 1151*cdf0e10cSrcweir+} 1152*cdf0e10cSrcweir+ 1153*cdf0e10cSrcweir--- misc/xmlsec1-1.2.14/src/nss/hmac.c 2009-06-26 06:18:13.000000000 +0200 1154*cdf0e10cSrcweir+++ misc/build/xmlsec1-1.2.14/src/nss/hmac.c 2009-09-21 14:02:48.649065288 +0200 1155*cdf0e10cSrcweir@@ -23,8 +23,8 @@ 1156*cdf0e10cSrcweir #include <xmlsec/transforms.h> 1157*cdf0e10cSrcweir #include <xmlsec/errors.h> 1158*cdf0e10cSrcweir 1159*cdf0e10cSrcweir-#include <xmlsec/nss/app.h> 1160*cdf0e10cSrcweir #include <xmlsec/nss/crypto.h> 1161*cdf0e10cSrcweir+#include <xmlsec/nss/tokens.h> 1162*cdf0e10cSrcweir 1163*cdf0e10cSrcweir /* sizes in bits */ 1164*cdf0e10cSrcweir #define XMLSEC_NSS_MIN_HMAC_SIZE 80 1165*cdf0e10cSrcweir@@ -286,13 +286,13 @@ 1166*cdf0e10cSrcweir keyItem.data = xmlSecBufferGetData(buffer); 1167*cdf0e10cSrcweir keyItem.len = xmlSecBufferGetSize(buffer); 1168*cdf0e10cSrcweir 1169*cdf0e10cSrcweir- slot = PK11_GetBestSlot(ctx->digestType, NULL); 1170*cdf0e10cSrcweir+ slot = xmlSecNssSlotGet(ctx->digestType); 1171*cdf0e10cSrcweir if(slot == NULL) { 1172*cdf0e10cSrcweir xmlSecError(XMLSEC_ERRORS_HERE, 1173*cdf0e10cSrcweir xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), 1174*cdf0e10cSrcweir- "PK11_GetBestSlot", 1175*cdf0e10cSrcweir+ "xmlSecNssSlotGet", 1176*cdf0e10cSrcweir XMLSEC_ERRORS_R_CRYPTO_FAILED, 1177*cdf0e10cSrcweir- XMLSEC_ERRORS_NO_MESSAGE); 1178*cdf0e10cSrcweir+ "error code=%d", PORT_GetError()); 1179*cdf0e10cSrcweir return(-1); 1180*cdf0e10cSrcweir } 1181*cdf0e10cSrcweir 1182*cdf0e10cSrcweir--- misc/xmlsec1-1.2.14/src/nss/keysstore.c 2009-06-25 22:53:18.000000000 +0200 1183*cdf0e10cSrcweir+++ misc/build/xmlsec1-1.2.14/src/nss/keysstore.c 2009-09-21 14:02:48.633533885 +0200 1184*cdf0e10cSrcweir@@ -1,36 +1,56 @@ 1185*cdf0e10cSrcweir /** 1186*cdf0e10cSrcweir * XMLSec library 1187*cdf0e10cSrcweir * 1188*cdf0e10cSrcweir- * Nss keys store that uses Simple Keys Store under the hood. Uses the 1189*cdf0e10cSrcweir- * Nss DB as a backing store for the finding keys, but the NSS DB is 1190*cdf0e10cSrcweir- * not written to by the keys store. 1191*cdf0e10cSrcweir- * So, if store->findkey is done and the key is not found in the simple 1192*cdf0e10cSrcweir- * keys store, the NSS DB is looked up. 1193*cdf0e10cSrcweir- * If store is called to adopt a key, that key is not written to the NSS 1194*cdf0e10cSrcweir- * DB. 1195*cdf0e10cSrcweir- * Thus, the NSS DB can be used to pre-load keys and becomes an alternate 1196*cdf0e10cSrcweir- * source of keys for xmlsec 1197*cdf0e10cSrcweir- * 1198*cdf0e10cSrcweir * This is free software; see Copyright file in the source 1199*cdf0e10cSrcweir * distribution for precise wording. 1200*cdf0e10cSrcweir * 1201*cdf0e10cSrcweir * Copyright (c) 2003 America Online, Inc. All rights reserved. 1202*cdf0e10cSrcweir */ 1203*cdf0e10cSrcweir+ 1204*cdf0e10cSrcweir+/** 1205*cdf0e10cSrcweir+ * NSS key store uses a key list and a slot list as the key repository. NSS slot 1206*cdf0e10cSrcweir+ * list is a backup repository for the finding keys. If a key is not found from 1207*cdf0e10cSrcweir+ * the key list, the NSS slot list is looked up. 1208*cdf0e10cSrcweir+ * 1209*cdf0e10cSrcweir+ * Any key in the key list will not save to pkcs11 slot. When a store to called 1210*cdf0e10cSrcweir+ * to adopt a key, the key is resident in the key list; While a store to called 1211*cdf0e10cSrcweir+ * to set a is resident in the key list; While a store to called to set a slot 1212*cdf0e10cSrcweir+ * list, which means that the keys in the listed slot can be used for xml sign- 1213*cdf0e10cSrcweir+ * nature or encryption. 1214*cdf0e10cSrcweir+ * 1215*cdf0e10cSrcweir+ * Then, a user can adjust slot list to effect the crypto behaviors of xmlSec. 1216*cdf0e10cSrcweir+ * 1217*cdf0e10cSrcweir+ * The framework will decrease the user interfaces to administrate xmlSec crypto 1218*cdf0e10cSrcweir+ * engine. He can only focus on NSS layer functions. For examples, after the 1219*cdf0e10cSrcweir+ * user set up a slot list handler to the keys store, he do not need to do any 1220*cdf0e10cSrcweir+ * other work atop xmlSec interfaces, his action on the slot list handler, such 1221*cdf0e10cSrcweir+ * as add a token to, delete a token from the list, will directly effect the key 1222*cdf0e10cSrcweir+ * store behaviors. 1223*cdf0e10cSrcweir+ * 1224*cdf0e10cSrcweir+ * For example, a scenariio: 1225*cdf0e10cSrcweir+ * 0. Create a slot list;( NSS interfaces ) 1226*cdf0e10cSrcweir+ * 1. Create a keys store;( xmlSec interfaces ) 1227*cdf0e10cSrcweir+ * 2. Set slot list with the keys store;( xmlSec Interfaces ) 1228*cdf0e10cSrcweir+ * 3. Add a slot to the slot list;( NSS interfaces ) 1229*cdf0e10cSrcweir+ * 4. Perform xml signature; ( xmlSec Interfaces ) 1230*cdf0e10cSrcweir+ * 5. Deleter a slot from the slot list;( NSS interfaces ) 1231*cdf0e10cSrcweir+ * 6. Perform xml encryption; ( xmlSec Interfaces ) 1232*cdf0e10cSrcweir+ * 7. Perform xml signature;( xmlSec Interfaces ) 1233*cdf0e10cSrcweir+ * 8. Destroy the keys store;( xmlSec Interfaces ) 1234*cdf0e10cSrcweir+ * 8. Destroy the slot list.( NSS Interfaces ) 1235*cdf0e10cSrcweir+ */ 1236*cdf0e10cSrcweir #include "globals.h" 1237*cdf0e10cSrcweir 1238*cdf0e10cSrcweir #include <stdlib.h> 1239*cdf0e10cSrcweir #include <string.h> 1240*cdf0e10cSrcweir 1241*cdf0e10cSrcweir #include <nss.h> 1242*cdf0e10cSrcweir-#include <cert.h> 1243*cdf0e10cSrcweir #include <pk11func.h> 1244*cdf0e10cSrcweir+#include <prinit.h> 1245*cdf0e10cSrcweir #include <keyhi.h> 1246*cdf0e10cSrcweir 1247*cdf0e10cSrcweir-#include <libxml/tree.h> 1248*cdf0e10cSrcweir- 1249*cdf0e10cSrcweir #include <xmlsec/xmlsec.h> 1250*cdf0e10cSrcweir-#include <xmlsec/buffer.h> 1251*cdf0e10cSrcweir-#include <xmlsec/base64.h> 1252*cdf0e10cSrcweir+#include <xmlsec/keys.h> 1253*cdf0e10cSrcweir #include <xmlsec/errors.h> 1254*cdf0e10cSrcweir #include <xmlsec/xmltree.h> 1255*cdf0e10cSrcweir 1256*cdf0e10cSrcweir@@ -38,82 +58,461 @@ 1257*cdf0e10cSrcweir 1258*cdf0e10cSrcweir #include <xmlsec/nss/crypto.h> 1259*cdf0e10cSrcweir #include <xmlsec/nss/keysstore.h> 1260*cdf0e10cSrcweir-#include <xmlsec/nss/x509.h> 1261*cdf0e10cSrcweir+#include <xmlsec/nss/tokens.h> 1262*cdf0e10cSrcweir+#include <xmlsec/nss/ciphers.h> 1263*cdf0e10cSrcweir #include <xmlsec/nss/pkikeys.h> 1264*cdf0e10cSrcweir 1265*cdf0e10cSrcweir /**************************************************************************** 1266*cdf0e10cSrcweir * 1267*cdf0e10cSrcweir- * Nss Keys Store. Uses Simple Keys Store under the hood 1268*cdf0e10cSrcweir+ * Internal NSS key store context 1269*cdf0e10cSrcweir * 1270*cdf0e10cSrcweir- * Simple Keys Store ptr is located after xmlSecKeyStore 1271*cdf0e10cSrcweir+ * This context is located after xmlSecKeyStore 1272*cdf0e10cSrcweir * 1273*cdf0e10cSrcweir ***************************************************************************/ 1274*cdf0e10cSrcweir+typedef struct _xmlSecNssKeysStoreCtx xmlSecNssKeysStoreCtx ; 1275*cdf0e10cSrcweir+typedef struct _xmlSecNssKeysStoreCtx* xmlSecNssKeysStoreCtxPtr ; 1276*cdf0e10cSrcweir+ 1277*cdf0e10cSrcweir+struct _xmlSecNssKeysStoreCtx { 1278*cdf0e10cSrcweir+ xmlSecPtrListPtr keyList ; 1279*cdf0e10cSrcweir+ xmlSecPtrListPtr slotList ; 1280*cdf0e10cSrcweir+} ; 1281*cdf0e10cSrcweir+ 1282*cdf0e10cSrcweir #define xmlSecNssKeysStoreSize \ 1283*cdf0e10cSrcweir- (sizeof(xmlSecKeyStore) + sizeof(xmlSecKeyStorePtr)) 1284*cdf0e10cSrcweir+ ( sizeof( xmlSecKeyStore ) + sizeof( xmlSecNssKeysStoreCtx ) ) 1285*cdf0e10cSrcweir 1286*cdf0e10cSrcweir-#define xmlSecNssKeysStoreGetSS(store) \ 1287*cdf0e10cSrcweir- ((xmlSecKeyStoreCheckSize((store), xmlSecNssKeysStoreSize)) ? \ 1288*cdf0e10cSrcweir- (xmlSecKeyStorePtr*)(((xmlSecByte*)(store)) + sizeof(xmlSecKeyStore)) : \ 1289*cdf0e10cSrcweir- (xmlSecKeyStorePtr*)NULL) 1290*cdf0e10cSrcweir- 1291*cdf0e10cSrcweir-static int xmlSecNssKeysStoreInitialize (xmlSecKeyStorePtr store); 1292*cdf0e10cSrcweir-static void xmlSecNssKeysStoreFinalize (xmlSecKeyStorePtr store); 1293*cdf0e10cSrcweir-static xmlSecKeyPtr xmlSecNssKeysStoreFindKey (xmlSecKeyStorePtr store, 1294*cdf0e10cSrcweir- const xmlChar* name, 1295*cdf0e10cSrcweir- xmlSecKeyInfoCtxPtr keyInfoCtx); 1296*cdf0e10cSrcweir+#define xmlSecNssKeysStoreGetCtx( data ) \ 1297*cdf0e10cSrcweir+ ( ( xmlSecNssKeysStoreCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyStore ) ) ) 1298*cdf0e10cSrcweir 1299*cdf0e10cSrcweir-static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = { 1300*cdf0e10cSrcweir- sizeof(xmlSecKeyStoreKlass), 1301*cdf0e10cSrcweir- xmlSecNssKeysStoreSize, 1302*cdf0e10cSrcweir+int xmlSecNssKeysStoreAdoptKeySlot( 1303*cdf0e10cSrcweir+ xmlSecKeyStorePtr store , 1304*cdf0e10cSrcweir+ xmlSecNssKeySlotPtr keySlot 1305*cdf0e10cSrcweir+) { 1306*cdf0e10cSrcweir+ xmlSecNssKeysStoreCtxPtr context = NULL ; 1307*cdf0e10cSrcweir+ 1308*cdf0e10cSrcweir+ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ; 1309*cdf0e10cSrcweir+ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ; 1310*cdf0e10cSrcweir+ context = xmlSecNssKeysStoreGetCtx( store ) ; 1311*cdf0e10cSrcweir+ if( context == NULL ) { 1312*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 1313*cdf0e10cSrcweir+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , 1314*cdf0e10cSrcweir+ "xmlSecNssKeysStoreGetCtx" , 1315*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1316*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1317*cdf0e10cSrcweir+ return -1 ; 1318*cdf0e10cSrcweir+ } 1319*cdf0e10cSrcweir+ 1320*cdf0e10cSrcweir+ if( context->slotList == NULL ) { 1321*cdf0e10cSrcweir+ if( ( context->slotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ) == NULL ) { 1322*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 1323*cdf0e10cSrcweir+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , 1324*cdf0e10cSrcweir+ "xmlSecPtrListCreate" , 1325*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1326*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1327*cdf0e10cSrcweir+ return -1 ; 1328*cdf0e10cSrcweir+ } 1329*cdf0e10cSrcweir+ } 1330*cdf0e10cSrcweir+ 1331*cdf0e10cSrcweir+ if( !xmlSecPtrListCheckId( context->slotList , xmlSecNssKeySlotListId ) ) { 1332*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 1333*cdf0e10cSrcweir+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , 1334*cdf0e10cSrcweir+ "xmlSecPtrListCheckId" , 1335*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1336*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1337*cdf0e10cSrcweir+ return -1 ; 1338*cdf0e10cSrcweir+ } 1339*cdf0e10cSrcweir+ 1340*cdf0e10cSrcweir+ if( xmlSecPtrListAdd( context->slotList , keySlot ) < 0 ) { 1341*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 1342*cdf0e10cSrcweir+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , 1343*cdf0e10cSrcweir+ "xmlSecPtrListAdd" , 1344*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1345*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1346*cdf0e10cSrcweir+ return -1 ; 1347*cdf0e10cSrcweir+ } 1348*cdf0e10cSrcweir+ return 0 ; 1349*cdf0e10cSrcweir+} 1350*cdf0e10cSrcweir 1351*cdf0e10cSrcweir- /* data */ 1352*cdf0e10cSrcweir- BAD_CAST "NSS-keys-store", /* const xmlChar* name; */ 1353*cdf0e10cSrcweir- 1354*cdf0e10cSrcweir- /* constructors/destructor */ 1355*cdf0e10cSrcweir- xmlSecNssKeysStoreInitialize, /* xmlSecKeyStoreInitializeMethod initialize; */ 1356*cdf0e10cSrcweir- xmlSecNssKeysStoreFinalize, /* xmlSecKeyStoreFinalizeMethod finalize; */ 1357*cdf0e10cSrcweir- xmlSecNssKeysStoreFindKey, /* xmlSecKeyStoreFindKeyMethod findKey; */ 1358*cdf0e10cSrcweir- 1359*cdf0e10cSrcweir- /* reserved for the future */ 1360*cdf0e10cSrcweir- NULL, /* void* reserved0; */ 1361*cdf0e10cSrcweir- NULL, /* void* reserved1; */ 1362*cdf0e10cSrcweir-}; 1363*cdf0e10cSrcweir+int xmlSecNssKeysStoreAdoptKey( 1364*cdf0e10cSrcweir+ xmlSecKeyStorePtr store , 1365*cdf0e10cSrcweir+ xmlSecKeyPtr key 1366*cdf0e10cSrcweir+) { 1367*cdf0e10cSrcweir+ xmlSecNssKeysStoreCtxPtr context = NULL ; 1368*cdf0e10cSrcweir+ 1369*cdf0e10cSrcweir+ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ; 1370*cdf0e10cSrcweir+ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ; 1371*cdf0e10cSrcweir+ 1372*cdf0e10cSrcweir+ context = xmlSecNssKeysStoreGetCtx( store ) ; 1373*cdf0e10cSrcweir+ if( context == NULL ) { 1374*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 1375*cdf0e10cSrcweir+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , 1376*cdf0e10cSrcweir+ "xmlSecNssKeysStoreGetCtx" , 1377*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1378*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1379*cdf0e10cSrcweir+ return -1 ; 1380*cdf0e10cSrcweir+ } 1381*cdf0e10cSrcweir+ 1382*cdf0e10cSrcweir+ if( context->keyList == NULL ) { 1383*cdf0e10cSrcweir+ if( ( context->keyList = xmlSecPtrListCreate( xmlSecKeyPtrListId ) ) == NULL ) { 1384*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 1385*cdf0e10cSrcweir+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , 1386*cdf0e10cSrcweir+ "xmlSecPtrListCreate" , 1387*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1388*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1389*cdf0e10cSrcweir+ return -1 ; 1390*cdf0e10cSrcweir+ } 1391*cdf0e10cSrcweir+ } 1392*cdf0e10cSrcweir+ 1393*cdf0e10cSrcweir+ if( !xmlSecPtrListCheckId( context->keyList , xmlSecKeyPtrListId ) ) { 1394*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 1395*cdf0e10cSrcweir+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , 1396*cdf0e10cSrcweir+ "xmlSecPtrListCheckId" , 1397*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1398*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1399*cdf0e10cSrcweir+ return -1 ; 1400*cdf0e10cSrcweir+ } 1401*cdf0e10cSrcweir+ 1402*cdf0e10cSrcweir+ if( xmlSecPtrListAdd( context->keyList , key ) < 0 ) { 1403*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 1404*cdf0e10cSrcweir+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , 1405*cdf0e10cSrcweir+ "xmlSecPtrListAdd" , 1406*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1407*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1408*cdf0e10cSrcweir+ return -1 ; 1409*cdf0e10cSrcweir+ } 1410*cdf0e10cSrcweir 1411*cdf0e10cSrcweir-/** 1412*cdf0e10cSrcweir- * xmlSecNssKeysStoreGetKlass: 1413*cdf0e10cSrcweir- * 1414*cdf0e10cSrcweir- * The Nss list based keys store klass. 1415*cdf0e10cSrcweir+ return 0 ; 1416*cdf0e10cSrcweir+} 1417*cdf0e10cSrcweir+ 1418*cdf0e10cSrcweir+/* 1419*cdf0e10cSrcweir+ * xmlSecKeyStoreInitializeMethod: 1420*cdf0e10cSrcweir+ * @store: the store. 1421*cdf0e10cSrcweir+ * 1422*cdf0e10cSrcweir+ * Keys store specific initialization method. 1423*cdf0e10cSrcweir * 1424*cdf0e10cSrcweir- * Returns: Nss list based keys store klass. 1425*cdf0e10cSrcweir+ * Returns 0 on success or a negative value if an error occurs. 1426*cdf0e10cSrcweir */ 1427*cdf0e10cSrcweir-xmlSecKeyStoreId 1428*cdf0e10cSrcweir-xmlSecNssKeysStoreGetKlass(void) { 1429*cdf0e10cSrcweir- return(&xmlSecNssKeysStoreKlass); 1430*cdf0e10cSrcweir+static int 1431*cdf0e10cSrcweir+xmlSecNssKeysStoreInitialize( 1432*cdf0e10cSrcweir+ xmlSecKeyStorePtr store 1433*cdf0e10cSrcweir+) { 1434*cdf0e10cSrcweir+ xmlSecNssKeysStoreCtxPtr context = NULL ; 1435*cdf0e10cSrcweir+ 1436*cdf0e10cSrcweir+ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ; 1437*cdf0e10cSrcweir+ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ; 1438*cdf0e10cSrcweir+ 1439*cdf0e10cSrcweir+ context = xmlSecNssKeysStoreGetCtx( store ) ; 1440*cdf0e10cSrcweir+ if( context == NULL ) { 1441*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 1442*cdf0e10cSrcweir+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , 1443*cdf0e10cSrcweir+ "xmlSecNssKeysStoreGetCtx" , 1444*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1445*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1446*cdf0e10cSrcweir+ return -1 ; 1447*cdf0e10cSrcweir+ } 1448*cdf0e10cSrcweir+ 1449*cdf0e10cSrcweir+ context->keyList = NULL ; 1450*cdf0e10cSrcweir+ context->slotList = NULL ; 1451*cdf0e10cSrcweir+ 1452*cdf0e10cSrcweir+ return 0 ; 1453*cdf0e10cSrcweir } 1454*cdf0e10cSrcweir 1455*cdf0e10cSrcweir /** 1456*cdf0e10cSrcweir- * xmlSecNssKeysStoreAdoptKey: 1457*cdf0e10cSrcweir- * @store: the pointer to Nss keys store. 1458*cdf0e10cSrcweir- * @key: the pointer to key. 1459*cdf0e10cSrcweir- * 1460*cdf0e10cSrcweir- * Adds @key to the @store. 1461*cdf0e10cSrcweir * 1462*cdf0e10cSrcweir- * Returns: 0 on success or a negative value if an error occurs. 1463*cdf0e10cSrcweir+ * xmlSecKeyStoreFinalizeMethod: 1464*cdf0e10cSrcweir+ * @store: the store. 1465*cdf0e10cSrcweir+ * 1466*cdf0e10cSrcweir+ * Keys store specific finalization (destroy) method. 1467*cdf0e10cSrcweir */ 1468*cdf0e10cSrcweir-int 1469*cdf0e10cSrcweir-xmlSecNssKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) { 1470*cdf0e10cSrcweir- xmlSecKeyStorePtr *ss; 1471*cdf0e10cSrcweir- 1472*cdf0e10cSrcweir- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1); 1473*cdf0e10cSrcweir- xmlSecAssert2((key != NULL), -1); 1474*cdf0e10cSrcweir+void 1475*cdf0e10cSrcweir+xmlSecNssKeysStoreFinalize( 1476*cdf0e10cSrcweir+ xmlSecKeyStorePtr store 1477*cdf0e10cSrcweir+) { 1478*cdf0e10cSrcweir+ xmlSecNssKeysStoreCtxPtr context = NULL ; 1479*cdf0e10cSrcweir+ 1480*cdf0e10cSrcweir+ xmlSecAssert( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) ) ; 1481*cdf0e10cSrcweir+ xmlSecAssert( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) ) ; 1482*cdf0e10cSrcweir+ 1483*cdf0e10cSrcweir+ context = xmlSecNssKeysStoreGetCtx( store ) ; 1484*cdf0e10cSrcweir+ if( context == NULL ) { 1485*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 1486*cdf0e10cSrcweir+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , 1487*cdf0e10cSrcweir+ "xmlSecNssKeysStoreGetCtx" , 1488*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1489*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1490*cdf0e10cSrcweir+ return ; 1491*cdf0e10cSrcweir+ } 1492*cdf0e10cSrcweir+ 1493*cdf0e10cSrcweir+ if( context->keyList != NULL ) { 1494*cdf0e10cSrcweir+ xmlSecPtrListDestroy( context->keyList ) ; 1495*cdf0e10cSrcweir+ context->keyList = NULL ; 1496*cdf0e10cSrcweir+ } 1497*cdf0e10cSrcweir+ 1498*cdf0e10cSrcweir+ if( context->slotList != NULL ) { 1499*cdf0e10cSrcweir+ xmlSecPtrListDestroy( context->slotList ) ; 1500*cdf0e10cSrcweir+ context->slotList = NULL ; 1501*cdf0e10cSrcweir+ } 1502*cdf0e10cSrcweir+} 1503*cdf0e10cSrcweir+ 1504*cdf0e10cSrcweir+xmlSecKeyPtr 1505*cdf0e10cSrcweir+xmlSecNssKeysStoreFindKeyFromSlot( 1506*cdf0e10cSrcweir+ PK11SlotInfo* slot, 1507*cdf0e10cSrcweir+ const xmlChar* name, 1508*cdf0e10cSrcweir+ xmlSecKeyInfoCtxPtr keyInfoCtx 1509*cdf0e10cSrcweir+) { 1510*cdf0e10cSrcweir+ xmlSecKeyPtr key = NULL ; 1511*cdf0e10cSrcweir+ xmlSecKeyDataPtr data = NULL ; 1512*cdf0e10cSrcweir+ int length ; 1513*cdf0e10cSrcweir+ 1514*cdf0e10cSrcweir+ xmlSecAssert2( slot != NULL , NULL ) ; 1515*cdf0e10cSrcweir+ xmlSecAssert2( name != NULL , NULL ) ; 1516*cdf0e10cSrcweir+ xmlSecAssert2( keyInfoCtx != NULL , NULL ) ; 1517*cdf0e10cSrcweir+ 1518*cdf0e10cSrcweir+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSymmetric ) == xmlSecKeyDataTypeSymmetric ) { 1519*cdf0e10cSrcweir+ PK11SymKey* symKey ; 1520*cdf0e10cSrcweir+ PK11SymKey* curKey ; 1521*cdf0e10cSrcweir+ 1522*cdf0e10cSrcweir+ /* Find symmetric key from the slot by name */ 1523*cdf0e10cSrcweir+ symKey = PK11_ListFixedKeysInSlot( slot , ( char* )name , NULL ) ; 1524*cdf0e10cSrcweir+ for( curKey = symKey ; curKey != NULL ; curKey = PK11_GetNextSymKey( curKey ) ) { 1525*cdf0e10cSrcweir+ /* Check the key request */ 1526*cdf0e10cSrcweir+ length = PK11_GetKeyLength( curKey ) ; 1527*cdf0e10cSrcweir+ length *= 8 ; 1528*cdf0e10cSrcweir+ if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) && 1529*cdf0e10cSrcweir+ ( length > 0 ) && 1530*cdf0e10cSrcweir+ ( length < keyInfoCtx->keyReq.keyBitsSize ) ) 1531*cdf0e10cSrcweir+ continue ; 1532*cdf0e10cSrcweir+ 1533*cdf0e10cSrcweir+ /* We find a eligible key */ 1534*cdf0e10cSrcweir+ data = xmlSecNssSymKeyDataKeyAdopt( curKey ) ; 1535*cdf0e10cSrcweir+ if( data == NULL ) { 1536*cdf0e10cSrcweir+ /* Do nothing */ 1537*cdf0e10cSrcweir+ } 1538*cdf0e10cSrcweir+ break ; 1539*cdf0e10cSrcweir+ } 1540*cdf0e10cSrcweir+ 1541*cdf0e10cSrcweir+ /* Destroy the sym key list */ 1542*cdf0e10cSrcweir+ for( curKey = symKey ; curKey != NULL ; ) { 1543*cdf0e10cSrcweir+ symKey = curKey ; 1544*cdf0e10cSrcweir+ curKey = PK11_GetNextSymKey( symKey ) ; 1545*cdf0e10cSrcweir+ PK11_FreeSymKey( symKey ) ; 1546*cdf0e10cSrcweir+ } 1547*cdf0e10cSrcweir+ } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) { 1548*cdf0e10cSrcweir+ SECKEYPublicKeyList* pubKeyList ; 1549*cdf0e10cSrcweir+ SECKEYPublicKey* pubKey ; 1550*cdf0e10cSrcweir+ SECKEYPublicKeyListNode* curPub ; 1551*cdf0e10cSrcweir+ 1552*cdf0e10cSrcweir+ /* Find asymmetric key from the slot by name */ 1553*cdf0e10cSrcweir+ pubKeyList = PK11_ListPublicKeysInSlot( slot , ( char* )name ) ; 1554*cdf0e10cSrcweir+ pubKey = NULL ; 1555*cdf0e10cSrcweir+ curPub = PUBKEY_LIST_HEAD(pubKeyList); 1556*cdf0e10cSrcweir+ for( ; !PUBKEY_LIST_END(curPub, pubKeyList) ; curPub = PUBKEY_LIST_NEXT( curPub ) ) { 1557*cdf0e10cSrcweir+ /* Check the key request */ 1558*cdf0e10cSrcweir+ length = SECKEY_PublicKeyStrength( curPub->key ) ; 1559*cdf0e10cSrcweir+ length *= 8 ; 1560*cdf0e10cSrcweir+ if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) && 1561*cdf0e10cSrcweir+ ( length > 0 ) && 1562*cdf0e10cSrcweir+ ( length < keyInfoCtx->keyReq.keyBitsSize ) ) 1563*cdf0e10cSrcweir+ continue ; 1564*cdf0e10cSrcweir+ 1565*cdf0e10cSrcweir+ /* We find a eligible key */ 1566*cdf0e10cSrcweir+ pubKey = curPub->key ; 1567*cdf0e10cSrcweir+ break ; 1568*cdf0e10cSrcweir+ } 1569*cdf0e10cSrcweir+ 1570*cdf0e10cSrcweir+ if( pubKey != NULL ) { 1571*cdf0e10cSrcweir+ data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ; 1572*cdf0e10cSrcweir+ if( data == NULL ) { 1573*cdf0e10cSrcweir+ /* Do nothing */ 1574*cdf0e10cSrcweir+ } 1575*cdf0e10cSrcweir+ } 1576*cdf0e10cSrcweir+ 1577*cdf0e10cSrcweir+ /* Destroy the public key list */ 1578*cdf0e10cSrcweir+ SECKEY_DestroyPublicKeyList( pubKeyList ) ; 1579*cdf0e10cSrcweir+ } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) { 1580*cdf0e10cSrcweir+ SECKEYPrivateKeyList* priKeyList = NULL ; 1581*cdf0e10cSrcweir+ SECKEYPrivateKey* priKey = NULL ; 1582*cdf0e10cSrcweir+ SECKEYPrivateKeyListNode* curPri ; 1583*cdf0e10cSrcweir+ 1584*cdf0e10cSrcweir+ /* Find asymmetric key from the slot by name */ 1585*cdf0e10cSrcweir+ priKeyList = PK11_ListPrivKeysInSlot( slot , ( char* )name , NULL ) ; 1586*cdf0e10cSrcweir+ priKey = NULL ; 1587*cdf0e10cSrcweir+ curPri = PRIVKEY_LIST_HEAD(priKeyList); 1588*cdf0e10cSrcweir+ for( ; !PRIVKEY_LIST_END(curPri, priKeyList) ; curPri = PRIVKEY_LIST_NEXT( curPri ) ) { 1589*cdf0e10cSrcweir+ /* Check the key request */ 1590*cdf0e10cSrcweir+ length = PK11_SignatureLen( curPri->key ) ; 1591*cdf0e10cSrcweir+ length *= 8 ; 1592*cdf0e10cSrcweir+ if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) && 1593*cdf0e10cSrcweir+ ( length > 0 ) && 1594*cdf0e10cSrcweir+ ( length < keyInfoCtx->keyReq.keyBitsSize ) ) 1595*cdf0e10cSrcweir+ continue ; 1596*cdf0e10cSrcweir+ 1597*cdf0e10cSrcweir+ /* We find a eligible key */ 1598*cdf0e10cSrcweir+ priKey = curPri->key ; 1599*cdf0e10cSrcweir+ break ; 1600*cdf0e10cSrcweir+ } 1601*cdf0e10cSrcweir+ 1602*cdf0e10cSrcweir+ if( priKey != NULL ) { 1603*cdf0e10cSrcweir+ data = xmlSecNssPKIAdoptKey( priKey, NULL ) ; 1604*cdf0e10cSrcweir+ if( data == NULL ) { 1605*cdf0e10cSrcweir+ /* Do nothing */ 1606*cdf0e10cSrcweir+ } 1607*cdf0e10cSrcweir+ } 1608*cdf0e10cSrcweir+ 1609*cdf0e10cSrcweir+ /* Destroy the private key list */ 1610*cdf0e10cSrcweir+ SECKEY_DestroyPrivateKeyList( priKeyList ) ; 1611*cdf0e10cSrcweir+ } 1612*cdf0e10cSrcweir+ 1613*cdf0e10cSrcweir+ /* If we have gotten the key value */ 1614*cdf0e10cSrcweir+ if( data != NULL ) { 1615*cdf0e10cSrcweir+ if( ( key = xmlSecKeyCreate() ) == NULL ) { 1616*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 1617*cdf0e10cSrcweir+ NULL , 1618*cdf0e10cSrcweir+ "xmlSecKeyCreate" , 1619*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1620*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1621*cdf0e10cSrcweir+ 1622*cdf0e10cSrcweir+ xmlSecKeyDataDestroy( data ) ; 1623*cdf0e10cSrcweir+ return NULL ; 1624*cdf0e10cSrcweir+ } 1625*cdf0e10cSrcweir+ 1626*cdf0e10cSrcweir+ if( xmlSecKeySetValue( key , data ) < 0 ) { 1627*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 1628*cdf0e10cSrcweir+ NULL , 1629*cdf0e10cSrcweir+ "xmlSecKeySetValue" , 1630*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1631*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1632*cdf0e10cSrcweir+ 1633*cdf0e10cSrcweir+ xmlSecKeyDestroy( key ) ; 1634*cdf0e10cSrcweir+ xmlSecKeyDataDestroy( data ) ; 1635*cdf0e10cSrcweir+ return NULL ; 1636*cdf0e10cSrcweir+ } 1637*cdf0e10cSrcweir+ } 1638*cdf0e10cSrcweir 1639*cdf0e10cSrcweir- ss = xmlSecNssKeysStoreGetSS(store); 1640*cdf0e10cSrcweir- xmlSecAssert2(((ss != NULL) && (*ss != NULL) && 1641*cdf0e10cSrcweir- (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1); 1642*cdf0e10cSrcweir+ return(key); 1643*cdf0e10cSrcweir+} 1644*cdf0e10cSrcweir+ 1645*cdf0e10cSrcweir+/** 1646*cdf0e10cSrcweir+ * xmlSecKeyStoreFindKeyMethod: 1647*cdf0e10cSrcweir+ * @store: the store. 1648*cdf0e10cSrcweir+ * @name: the desired key name. 1649*cdf0e10cSrcweir+ * @keyInfoCtx: the pointer to key info context. 1650*cdf0e10cSrcweir+ * 1651*cdf0e10cSrcweir+ * Keys store specific find method. The caller is responsible for destroying 1652*cdf0e10cSrcweir+ * the returned key using #xmlSecKeyDestroy method. 1653*cdf0e10cSrcweir+ * 1654*cdf0e10cSrcweir+ * Returns the pointer to a key or NULL if key is not found or an error occurs. 1655*cdf0e10cSrcweir+ */ 1656*cdf0e10cSrcweir+static xmlSecKeyPtr 1657*cdf0e10cSrcweir+xmlSecNssKeysStoreFindKey( 1658*cdf0e10cSrcweir+ xmlSecKeyStorePtr store , 1659*cdf0e10cSrcweir+ const xmlChar* name , 1660*cdf0e10cSrcweir+ xmlSecKeyInfoCtxPtr keyInfoCtx 1661*cdf0e10cSrcweir+) { 1662*cdf0e10cSrcweir+ xmlSecNssKeysStoreCtxPtr context = NULL ; 1663*cdf0e10cSrcweir+ xmlSecKeyPtr key = NULL ; 1664*cdf0e10cSrcweir+ xmlSecNssKeySlotPtr keySlot = NULL ; 1665*cdf0e10cSrcweir+ xmlSecSize pos ; 1666*cdf0e10cSrcweir+ xmlSecSize size ; 1667*cdf0e10cSrcweir+ 1668*cdf0e10cSrcweir+ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , NULL ) ; 1669*cdf0e10cSrcweir+ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , NULL ) ; 1670*cdf0e10cSrcweir+ xmlSecAssert2( keyInfoCtx != NULL , NULL ) ; 1671*cdf0e10cSrcweir+ 1672*cdf0e10cSrcweir+ context = xmlSecNssKeysStoreGetCtx( store ) ; 1673*cdf0e10cSrcweir+ if( context == NULL ) { 1674*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 1675*cdf0e10cSrcweir+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , 1676*cdf0e10cSrcweir+ "xmlSecNssKeysStoreGetCtx" , 1677*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1678*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1679*cdf0e10cSrcweir+ return NULL ; 1680*cdf0e10cSrcweir+ } 1681*cdf0e10cSrcweir+ 1682*cdf0e10cSrcweir+ /*- 1683*cdf0e10cSrcweir+ * Look for key at keyList at first. 1684*cdf0e10cSrcweir+ */ 1685*cdf0e10cSrcweir+ if( context->keyList != NULL ) { 1686*cdf0e10cSrcweir+ size = xmlSecPtrListGetSize( context->keyList ) ; 1687*cdf0e10cSrcweir+ for( pos = 0 ; pos < size ; pos ++ ) { 1688*cdf0e10cSrcweir+ key = ( xmlSecKeyPtr )xmlSecPtrListGetItem( context->keyList , pos ) ; 1689*cdf0e10cSrcweir+ if( key != NULL && xmlSecKeyMatch( key , name , &( keyInfoCtx->keyReq ) ) ) { 1690*cdf0e10cSrcweir+ return xmlSecKeyDuplicate( key ) ; 1691*cdf0e10cSrcweir+ } 1692*cdf0e10cSrcweir+ } 1693*cdf0e10cSrcweir+ } 1694*cdf0e10cSrcweir+ 1695*cdf0e10cSrcweir+ /*- 1696*cdf0e10cSrcweir+ * Find the key from slotList 1697*cdf0e10cSrcweir+ */ 1698*cdf0e10cSrcweir+ if( context->slotList != NULL ) { 1699*cdf0e10cSrcweir+ PK11SlotInfo* slot = NULL ; 1700*cdf0e10cSrcweir+ 1701*cdf0e10cSrcweir+ size = xmlSecPtrListGetSize( context->slotList ) ; 1702*cdf0e10cSrcweir+ for( pos = 0 ; pos < size ; pos ++ ) { 1703*cdf0e10cSrcweir+ keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( context->slotList , pos ) ; 1704*cdf0e10cSrcweir+ slot = xmlSecNssKeySlotGetSlot( keySlot ) ; 1705*cdf0e10cSrcweir+ if( slot == NULL ) { 1706*cdf0e10cSrcweir+ continue ; 1707*cdf0e10cSrcweir+ } else { 1708*cdf0e10cSrcweir+ key = xmlSecNssKeysStoreFindKeyFromSlot( slot, name, keyInfoCtx ) ; 1709*cdf0e10cSrcweir+ if( key == NULL ) { 1710*cdf0e10cSrcweir+ continue ; 1711*cdf0e10cSrcweir+ } else { 1712*cdf0e10cSrcweir+ return( key ) ; 1713*cdf0e10cSrcweir+ } 1714*cdf0e10cSrcweir+ } 1715*cdf0e10cSrcweir+ } 1716*cdf0e10cSrcweir+ } 1717*cdf0e10cSrcweir+ 1718*cdf0e10cSrcweir+ /*- 1719*cdf0e10cSrcweir+ * Create a session key if we can not find the key from keyList and slotList 1720*cdf0e10cSrcweir+ */ 1721*cdf0e10cSrcweir+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSession ) == xmlSecKeyDataTypeSession ) { 1722*cdf0e10cSrcweir+ key = xmlSecKeyGenerate( keyInfoCtx->keyReq.keyId , keyInfoCtx->keyReq.keyBitsSize , xmlSecKeyDataTypeSession ) ; 1723*cdf0e10cSrcweir+ if( key == NULL ) { 1724*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 1725*cdf0e10cSrcweir+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , 1726*cdf0e10cSrcweir+ "xmlSecKeySetValue" , 1727*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1728*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1729*cdf0e10cSrcweir+ return NULL ; 1730*cdf0e10cSrcweir+ } 1731*cdf0e10cSrcweir+ 1732*cdf0e10cSrcweir+ return key ; 1733*cdf0e10cSrcweir+ } 1734*cdf0e10cSrcweir+ 1735*cdf0e10cSrcweir+ /** 1736*cdf0e10cSrcweir+ * We have no way to find the key any more. 1737*cdf0e10cSrcweir+ */ 1738*cdf0e10cSrcweir+ return NULL ; 1739*cdf0e10cSrcweir+} 1740*cdf0e10cSrcweir+ 1741*cdf0e10cSrcweir+static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = { 1742*cdf0e10cSrcweir+ sizeof( xmlSecKeyStoreKlass ) , 1743*cdf0e10cSrcweir+ xmlSecNssKeysStoreSize , 1744*cdf0e10cSrcweir+ BAD_CAST "implicit_nss_keys_store" , 1745*cdf0e10cSrcweir+ xmlSecNssKeysStoreInitialize , 1746*cdf0e10cSrcweir+ xmlSecNssKeysStoreFinalize , 1747*cdf0e10cSrcweir+ xmlSecNssKeysStoreFindKey , 1748*cdf0e10cSrcweir+ NULL , 1749*cdf0e10cSrcweir+ NULL 1750*cdf0e10cSrcweir+} ; 1751*cdf0e10cSrcweir 1752*cdf0e10cSrcweir- return (xmlSecSimpleKeysStoreAdoptKey(*ss, key)); 1753*cdf0e10cSrcweir+/** 1754*cdf0e10cSrcweir+ * xmlSecNssKeysStoreGetKlass: 1755*cdf0e10cSrcweir+ * 1756*cdf0e10cSrcweir+ * The simple list based keys store klass. 1757*cdf0e10cSrcweir+ * 1758*cdf0e10cSrcweir+ */ 1759*cdf0e10cSrcweir+xmlSecKeyStoreId 1760*cdf0e10cSrcweir+xmlSecNssKeysStoreGetKlass( void ) { 1761*cdf0e10cSrcweir+ return &xmlSecNssKeysStoreKlass ; 1762*cdf0e10cSrcweir } 1763*cdf0e10cSrcweir 1764*cdf0e10cSrcweir+/************************** 1765*cdf0e10cSrcweir+ * Application routines 1766*cdf0e10cSrcweir+ */ 1767*cdf0e10cSrcweir+ 1768*cdf0e10cSrcweir /** 1769*cdf0e10cSrcweir * xmlSecNssKeysStoreLoad: 1770*cdf0e10cSrcweir * @store: the pointer to Nss keys store. 1771*cdf0e10cSrcweir@@ -252,234 +651,147 @@ 1772*cdf0e10cSrcweir */ 1773*cdf0e10cSrcweir int 1774*cdf0e10cSrcweir xmlSecNssKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecKeyDataType type) { 1775*cdf0e10cSrcweir- xmlSecKeyStorePtr *ss; 1776*cdf0e10cSrcweir+ xmlSecKeyInfoCtx keyInfoCtx; 1777*cdf0e10cSrcweir+ xmlSecNssKeysStoreCtxPtr context ; 1778*cdf0e10cSrcweir+ xmlSecPtrListPtr list; 1779*cdf0e10cSrcweir+ xmlSecKeyPtr key; 1780*cdf0e10cSrcweir+ xmlSecSize i, keysSize; 1781*cdf0e10cSrcweir+ xmlDocPtr doc; 1782*cdf0e10cSrcweir+ xmlNodePtr cur; 1783*cdf0e10cSrcweir+ xmlSecKeyDataPtr data; 1784*cdf0e10cSrcweir+ xmlSecPtrListPtr idsList; 1785*cdf0e10cSrcweir+ xmlSecKeyDataId dataId; 1786*cdf0e10cSrcweir+ xmlSecSize idsSize, j; 1787*cdf0e10cSrcweir+ int ret; 1788*cdf0e10cSrcweir 1789*cdf0e10cSrcweir xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1); 1790*cdf0e10cSrcweir- xmlSecAssert2((filename != NULL), -1); 1791*cdf0e10cSrcweir- 1792*cdf0e10cSrcweir- ss = xmlSecNssKeysStoreGetSS(store); 1793*cdf0e10cSrcweir- xmlSecAssert2(((ss != NULL) && (*ss != NULL) && 1794*cdf0e10cSrcweir- (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1); 1795*cdf0e10cSrcweir- 1796*cdf0e10cSrcweir- return (xmlSecSimpleKeysStoreSave(*ss, filename, type)); 1797*cdf0e10cSrcweir-} 1798*cdf0e10cSrcweir- 1799*cdf0e10cSrcweir-static int 1800*cdf0e10cSrcweir-xmlSecNssKeysStoreInitialize(xmlSecKeyStorePtr store) { 1801*cdf0e10cSrcweir- xmlSecKeyStorePtr *ss; 1802*cdf0e10cSrcweir+ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ), -1 ) ; 1803*cdf0e10cSrcweir+ xmlSecAssert2(filename != NULL, -1); 1804*cdf0e10cSrcweir 1805*cdf0e10cSrcweir- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1); 1806*cdf0e10cSrcweir+ context = xmlSecNssKeysStoreGetCtx( store ) ; 1807*cdf0e10cSrcweir+ xmlSecAssert2( context != NULL, -1 ); 1808*cdf0e10cSrcweir 1809*cdf0e10cSrcweir- ss = xmlSecNssKeysStoreGetSS(store); 1810*cdf0e10cSrcweir- xmlSecAssert2((*ss == NULL), -1); 1811*cdf0e10cSrcweir+ list = context->keyList ; 1812*cdf0e10cSrcweir+ xmlSecAssert2( list != NULL, -1 ); 1813*cdf0e10cSrcweir+ xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyPtrListId), -1); 1814*cdf0e10cSrcweir 1815*cdf0e10cSrcweir- *ss = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId); 1816*cdf0e10cSrcweir- if(*ss == NULL) { 1817*cdf0e10cSrcweir- xmlSecError(XMLSEC_ERRORS_HERE, 1818*cdf0e10cSrcweir+ /* create doc */ 1819*cdf0e10cSrcweir+ doc = xmlSecCreateTree(BAD_CAST "Keys", xmlSecNs); 1820*cdf0e10cSrcweir+ if(doc == NULL) { 1821*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 1822*cdf0e10cSrcweir xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), 1823*cdf0e10cSrcweir- "xmlSecKeyStoreCreate", 1824*cdf0e10cSrcweir+ "xmlSecCreateTree", 1825*cdf0e10cSrcweir XMLSEC_ERRORS_R_XMLSEC_FAILED, 1826*cdf0e10cSrcweir- "xmlSecSimpleKeysStoreId"); 1827*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE); 1828*cdf0e10cSrcweir return(-1); 1829*cdf0e10cSrcweir } 1830*cdf0e10cSrcweir 1831*cdf0e10cSrcweir- return(0); 1832*cdf0e10cSrcweir-} 1833*cdf0e10cSrcweir- 1834*cdf0e10cSrcweir-static void 1835*cdf0e10cSrcweir-xmlSecNssKeysStoreFinalize(xmlSecKeyStorePtr store) { 1836*cdf0e10cSrcweir- xmlSecKeyStorePtr *ss; 1837*cdf0e10cSrcweir- 1838*cdf0e10cSrcweir- xmlSecAssert(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId)); 1839*cdf0e10cSrcweir- 1840*cdf0e10cSrcweir- ss = xmlSecNssKeysStoreGetSS(store); 1841*cdf0e10cSrcweir- xmlSecAssert((ss != NULL) && (*ss != NULL)); 1842*cdf0e10cSrcweir- 1843*cdf0e10cSrcweir- xmlSecKeyStoreDestroy(*ss); 1844*cdf0e10cSrcweir-} 1845*cdf0e10cSrcweir- 1846*cdf0e10cSrcweir-static xmlSecKeyPtr 1847*cdf0e10cSrcweir-xmlSecNssKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name, 1848*cdf0e10cSrcweir- xmlSecKeyInfoCtxPtr keyInfoCtx) { 1849*cdf0e10cSrcweir- xmlSecKeyStorePtr* ss; 1850*cdf0e10cSrcweir- xmlSecKeyPtr key = NULL; 1851*cdf0e10cSrcweir- xmlSecKeyPtr retval = NULL; 1852*cdf0e10cSrcweir- xmlSecKeyReqPtr keyReq = NULL; 1853*cdf0e10cSrcweir- CERTCertificate *cert = NULL; 1854*cdf0e10cSrcweir- SECKEYPublicKey *pubkey = NULL; 1855*cdf0e10cSrcweir- SECKEYPrivateKey *privkey = NULL; 1856*cdf0e10cSrcweir- xmlSecKeyDataPtr data = NULL; 1857*cdf0e10cSrcweir- xmlSecKeyDataPtr x509Data = NULL; 1858*cdf0e10cSrcweir- int ret; 1859*cdf0e10cSrcweir- 1860*cdf0e10cSrcweir- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), NULL); 1861*cdf0e10cSrcweir- xmlSecAssert2(keyInfoCtx != NULL, NULL); 1862*cdf0e10cSrcweir- 1863*cdf0e10cSrcweir- ss = xmlSecNssKeysStoreGetSS(store); 1864*cdf0e10cSrcweir- xmlSecAssert2(((ss != NULL) && (*ss != NULL)), NULL); 1865*cdf0e10cSrcweir- 1866*cdf0e10cSrcweir- key = xmlSecKeyStoreFindKey(*ss, name, keyInfoCtx); 1867*cdf0e10cSrcweir- if (key != NULL) { 1868*cdf0e10cSrcweir- return (key); 1869*cdf0e10cSrcweir- } 1870*cdf0e10cSrcweir- 1871*cdf0e10cSrcweir- /* Try to find the key in the NSS DB, and construct an xmlSecKey. 1872*cdf0e10cSrcweir- * we must have a name to lookup keys in NSS DB. 1873*cdf0e10cSrcweir- */ 1874*cdf0e10cSrcweir- if (name == NULL) { 1875*cdf0e10cSrcweir- goto done; 1876*cdf0e10cSrcweir- } 1877*cdf0e10cSrcweir+ idsList = xmlSecKeyDataIdsGet(); 1878*cdf0e10cSrcweir+ xmlSecAssert2(idsList != NULL, -1); 1879*cdf0e10cSrcweir 1880*cdf0e10cSrcweir- /* what type of key are we looking for? 1881*cdf0e10cSrcweir- * TBD: For now, we'll look only for public/private keys using the 1882*cdf0e10cSrcweir- * name as a cert nickname. Later on, we can attempt to find 1883*cdf0e10cSrcweir- * symmetric keys using PK11_FindFixedKey 1884*cdf0e10cSrcweir- */ 1885*cdf0e10cSrcweir- keyReq = &(keyInfoCtx->keyReq); 1886*cdf0e10cSrcweir- if (keyReq->keyType & 1887*cdf0e10cSrcweir- (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) { 1888*cdf0e10cSrcweir- cert = CERT_FindCertByNickname (CERT_GetDefaultCertDB(), (char *)name); 1889*cdf0e10cSrcweir- if (cert == NULL) { 1890*cdf0e10cSrcweir- goto done; 1891*cdf0e10cSrcweir- } 1892*cdf0e10cSrcweir+ keysSize = xmlSecPtrListGetSize(list); 1893*cdf0e10cSrcweir+ idsSize = xmlSecPtrListGetSize(idsList); 1894*cdf0e10cSrcweir+ for(i = 0; i < keysSize; ++i) { 1895*cdf0e10cSrcweir+ key = (xmlSecKeyPtr)xmlSecPtrListGetItem(list, i); 1896*cdf0e10cSrcweir+ xmlSecAssert2(key != NULL, -1); 1897*cdf0e10cSrcweir 1898*cdf0e10cSrcweir- if (keyReq->keyType & xmlSecKeyDataTypePublic) { 1899*cdf0e10cSrcweir- pubkey = CERT_ExtractPublicKey(cert); 1900*cdf0e10cSrcweir- if (pubkey == NULL) { 1901*cdf0e10cSrcweir+ cur = xmlSecAddChild(xmlDocGetRootElement(doc), xmlSecNodeKeyInfo, xmlSecDSigNs); 1902*cdf0e10cSrcweir+ if(cur == NULL) { 1903*cdf0e10cSrcweir xmlSecError(XMLSEC_ERRORS_HERE, 1904*cdf0e10cSrcweir- NULL, 1905*cdf0e10cSrcweir- "CERT_ExtractPublicKey", 1906*cdf0e10cSrcweir- XMLSEC_ERRORS_R_CRYPTO_FAILED, 1907*cdf0e10cSrcweir- XMLSEC_ERRORS_NO_MESSAGE); 1908*cdf0e10cSrcweir- goto done; 1909*cdf0e10cSrcweir- } 1910*cdf0e10cSrcweir+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), 1911*cdf0e10cSrcweir+ "xmlSecAddChild", 1912*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 1913*cdf0e10cSrcweir+ "node=%s", 1914*cdf0e10cSrcweir+ xmlSecErrorsSafeString(xmlSecNodeKeyInfo)); 1915*cdf0e10cSrcweir+ xmlFreeDoc(doc); 1916*cdf0e10cSrcweir+ return(-1); 1917*cdf0e10cSrcweir } 1918*cdf0e10cSrcweir 1919*cdf0e10cSrcweir- if (keyReq->keyType & xmlSecKeyDataTypePrivate) { 1920*cdf0e10cSrcweir- privkey = PK11_FindKeyByAnyCert(cert, NULL); 1921*cdf0e10cSrcweir- if (privkey == NULL) { 1922*cdf0e10cSrcweir+ /* special data key name */ 1923*cdf0e10cSrcweir+ if(xmlSecKeyGetName(key) != NULL) { 1924*cdf0e10cSrcweir+ if(xmlSecAddChild(cur, xmlSecNodeKeyName, xmlSecDSigNs) == NULL) { 1925*cdf0e10cSrcweir xmlSecError(XMLSEC_ERRORS_HERE, 1926*cdf0e10cSrcweir- NULL, 1927*cdf0e10cSrcweir- "PK11_FindKeyByAnyCert", 1928*cdf0e10cSrcweir- XMLSEC_ERRORS_R_CRYPTO_FAILED, 1929*cdf0e10cSrcweir- XMLSEC_ERRORS_NO_MESSAGE); 1930*cdf0e10cSrcweir- goto done; 1931*cdf0e10cSrcweir+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), 1932*cdf0e10cSrcweir+ "xmlSecAddChild", 1933*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 1934*cdf0e10cSrcweir+ "node=%s", 1935*cdf0e10cSrcweir+ xmlSecErrorsSafeString(xmlSecNodeKeyName)); 1936*cdf0e10cSrcweir+ xmlFreeDoc(doc); 1937*cdf0e10cSrcweir+ return(-1); 1938*cdf0e10cSrcweir } 1939*cdf0e10cSrcweir } 1940*cdf0e10cSrcweir 1941*cdf0e10cSrcweir- data = xmlSecNssPKIAdoptKey(privkey, pubkey); 1942*cdf0e10cSrcweir- if(data == NULL) { 1943*cdf0e10cSrcweir- xmlSecError(XMLSEC_ERRORS_HERE, 1944*cdf0e10cSrcweir- NULL, 1945*cdf0e10cSrcweir- "xmlSecNssPKIAdoptKey", 1946*cdf0e10cSrcweir- XMLSEC_ERRORS_R_XMLSEC_FAILED, 1947*cdf0e10cSrcweir- XMLSEC_ERRORS_NO_MESSAGE); 1948*cdf0e10cSrcweir- goto done; 1949*cdf0e10cSrcweir- } 1950*cdf0e10cSrcweir- privkey = NULL; 1951*cdf0e10cSrcweir- pubkey = NULL; 1952*cdf0e10cSrcweir- 1953*cdf0e10cSrcweir- key = xmlSecKeyCreate(); 1954*cdf0e10cSrcweir- if (key == NULL) { 1955*cdf0e10cSrcweir- xmlSecError(XMLSEC_ERRORS_HERE, 1956*cdf0e10cSrcweir- NULL, 1957*cdf0e10cSrcweir- "xmlSecKeyCreate", 1958*cdf0e10cSrcweir- XMLSEC_ERRORS_R_XMLSEC_FAILED, 1959*cdf0e10cSrcweir- XMLSEC_ERRORS_NO_MESSAGE); 1960*cdf0e10cSrcweir- return (NULL); 1961*cdf0e10cSrcweir- } 1962*cdf0e10cSrcweir- 1963*cdf0e10cSrcweir- x509Data = xmlSecKeyDataCreate(xmlSecNssKeyDataX509Id); 1964*cdf0e10cSrcweir- if(x509Data == NULL) { 1965*cdf0e10cSrcweir- xmlSecError(XMLSEC_ERRORS_HERE, 1966*cdf0e10cSrcweir- NULL, 1967*cdf0e10cSrcweir- "xmlSecKeyDataCreate", 1968*cdf0e10cSrcweir- XMLSEC_ERRORS_R_XMLSEC_FAILED, 1969*cdf0e10cSrcweir- "transform=%s", 1970*cdf0e10cSrcweir- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id))); 1971*cdf0e10cSrcweir- goto done; 1972*cdf0e10cSrcweir- } 1973*cdf0e10cSrcweir+ /* create nodes for other keys data */ 1974*cdf0e10cSrcweir+ for(j = 0; j < idsSize; ++j) { 1975*cdf0e10cSrcweir+ dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(idsList, j); 1976*cdf0e10cSrcweir+ xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, -1); 1977*cdf0e10cSrcweir+ 1978*cdf0e10cSrcweir+ if(dataId->dataNodeName == NULL) { 1979*cdf0e10cSrcweir+ continue; 1980*cdf0e10cSrcweir+ } 1981*cdf0e10cSrcweir+ 1982*cdf0e10cSrcweir+ data = xmlSecKeyGetData(key, dataId); 1983*cdf0e10cSrcweir+ if(data == NULL) { 1984*cdf0e10cSrcweir+ continue; 1985*cdf0e10cSrcweir+ } 1986*cdf0e10cSrcweir 1987*cdf0e10cSrcweir- ret = xmlSecNssKeyDataX509AdoptKeyCert(x509Data, cert); 1988*cdf0e10cSrcweir- if (ret < 0) { 1989*cdf0e10cSrcweir- xmlSecError(XMLSEC_ERRORS_HERE, 1990*cdf0e10cSrcweir- NULL, 1991*cdf0e10cSrcweir- "xmlSecNssKeyDataX509AdoptKeyCert", 1992*cdf0e10cSrcweir- XMLSEC_ERRORS_R_XMLSEC_FAILED, 1993*cdf0e10cSrcweir- "data=%s", 1994*cdf0e10cSrcweir- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); 1995*cdf0e10cSrcweir- goto done; 1996*cdf0e10cSrcweir- } 1997*cdf0e10cSrcweir- cert = CERT_DupCertificate(cert); 1998*cdf0e10cSrcweir- if (cert == NULL) { 1999*cdf0e10cSrcweir- xmlSecError(XMLSEC_ERRORS_HERE, 2000*cdf0e10cSrcweir- NULL, 2001*cdf0e10cSrcweir- "CERT_DupCertificate", 2002*cdf0e10cSrcweir- XMLSEC_ERRORS_R_CRYPTO_FAILED, 2003*cdf0e10cSrcweir- "data=%s", 2004*cdf0e10cSrcweir- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); 2005*cdf0e10cSrcweir- goto done; 2006*cdf0e10cSrcweir+ if(xmlSecAddChild(cur, dataId->dataNodeName, dataId->dataNodeNs) == NULL) { 2007*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 2008*cdf0e10cSrcweir+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), 2009*cdf0e10cSrcweir+ "xmlSecAddChild", 2010*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 2011*cdf0e10cSrcweir+ "node=%s", 2012*cdf0e10cSrcweir+ xmlSecErrorsSafeString(dataId->dataNodeName)); 2013*cdf0e10cSrcweir+ xmlFreeDoc(doc); 2014*cdf0e10cSrcweir+ return(-1); 2015*cdf0e10cSrcweir+ } 2016*cdf0e10cSrcweir } 2017*cdf0e10cSrcweir 2018*cdf0e10cSrcweir- ret = xmlSecNssKeyDataX509AdoptCert(x509Data, cert); 2019*cdf0e10cSrcweir+ ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL); 2020*cdf0e10cSrcweir if (ret < 0) { 2021*cdf0e10cSrcweir xmlSecError(XMLSEC_ERRORS_HERE, 2022*cdf0e10cSrcweir- NULL, 2023*cdf0e10cSrcweir- "xmlSecNssKeyDataX509AdoptCert", 2024*cdf0e10cSrcweir+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), 2025*cdf0e10cSrcweir+ "xmlSecKeyInfoCtxInitialize", 2026*cdf0e10cSrcweir XMLSEC_ERRORS_R_XMLSEC_FAILED, 2027*cdf0e10cSrcweir- "data=%s", 2028*cdf0e10cSrcweir- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); 2029*cdf0e10cSrcweir- goto done; 2030*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE); 2031*cdf0e10cSrcweir+ xmlFreeDoc(doc); 2032*cdf0e10cSrcweir+ return(-1); 2033*cdf0e10cSrcweir } 2034*cdf0e10cSrcweir- cert = NULL; 2035*cdf0e10cSrcweir 2036*cdf0e10cSrcweir- ret = xmlSecKeySetValue(key, data); 2037*cdf0e10cSrcweir- if (ret < 0) { 2038*cdf0e10cSrcweir- xmlSecError(XMLSEC_ERRORS_HERE, 2039*cdf0e10cSrcweir- NULL, 2040*cdf0e10cSrcweir- "xmlSecKeySetValue", 2041*cdf0e10cSrcweir- XMLSEC_ERRORS_R_XMLSEC_FAILED, 2042*cdf0e10cSrcweir- "data=%s", 2043*cdf0e10cSrcweir- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data))); 2044*cdf0e10cSrcweir- goto done; 2045*cdf0e10cSrcweir- } 2046*cdf0e10cSrcweir- data = NULL; 2047*cdf0e10cSrcweir+ keyInfoCtx.mode = xmlSecKeyInfoModeWrite; 2048*cdf0e10cSrcweir+ keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown; 2049*cdf0e10cSrcweir+ keyInfoCtx.keyReq.keyType = type; 2050*cdf0e10cSrcweir+ keyInfoCtx.keyReq.keyUsage = xmlSecKeyDataUsageAny; 2051*cdf0e10cSrcweir 2052*cdf0e10cSrcweir- ret = xmlSecKeyAdoptData(key, x509Data); 2053*cdf0e10cSrcweir+ /* finally write key in the node */ 2054*cdf0e10cSrcweir+ ret = xmlSecKeyInfoNodeWrite(cur, key, &keyInfoCtx); 2055*cdf0e10cSrcweir if (ret < 0) { 2056*cdf0e10cSrcweir xmlSecError(XMLSEC_ERRORS_HERE, 2057*cdf0e10cSrcweir- NULL, 2058*cdf0e10cSrcweir- "xmlSecKeyAdoptData", 2059*cdf0e10cSrcweir+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), 2060*cdf0e10cSrcweir+ "xmlSecKeyInfoNodeWrite", 2061*cdf0e10cSrcweir XMLSEC_ERRORS_R_XMLSEC_FAILED, 2062*cdf0e10cSrcweir- "data=%s", 2063*cdf0e10cSrcweir- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); 2064*cdf0e10cSrcweir- goto done; 2065*cdf0e10cSrcweir- } 2066*cdf0e10cSrcweir- x509Data = NULL; 2067*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE); 2068*cdf0e10cSrcweir+ xmlSecKeyInfoCtxFinalize(&keyInfoCtx); 2069*cdf0e10cSrcweir+ xmlFreeDoc(doc); 2070*cdf0e10cSrcweir+ return(-1); 2071*cdf0e10cSrcweir+ } 2072*cdf0e10cSrcweir 2073*cdf0e10cSrcweir- retval = key; 2074*cdf0e10cSrcweir- key = NULL; 2075*cdf0e10cSrcweir+ xmlSecKeyInfoCtxFinalize(&keyInfoCtx); 2076*cdf0e10cSrcweir } 2077*cdf0e10cSrcweir 2078*cdf0e10cSrcweir-done: 2079*cdf0e10cSrcweir- if (cert != NULL) { 2080*cdf0e10cSrcweir- CERT_DestroyCertificate(cert); 2081*cdf0e10cSrcweir- } 2082*cdf0e10cSrcweir- if (pubkey != NULL) { 2083*cdf0e10cSrcweir- SECKEY_DestroyPublicKey(pubkey); 2084*cdf0e10cSrcweir- } 2085*cdf0e10cSrcweir- if (privkey != NULL) { 2086*cdf0e10cSrcweir- SECKEY_DestroyPrivateKey(privkey); 2087*cdf0e10cSrcweir- } 2088*cdf0e10cSrcweir- if (data != NULL) { 2089*cdf0e10cSrcweir- xmlSecKeyDataDestroy(data); 2090*cdf0e10cSrcweir- } 2091*cdf0e10cSrcweir- if (x509Data != NULL) { 2092*cdf0e10cSrcweir- xmlSecKeyDataDestroy(x509Data); 2093*cdf0e10cSrcweir- } 2094*cdf0e10cSrcweir- if (key != NULL) { 2095*cdf0e10cSrcweir- xmlSecKeyDestroy(key); 2096*cdf0e10cSrcweir+ /* now write result */ 2097*cdf0e10cSrcweir+ ret = xmlSaveFormatFile(filename, doc, 1); 2098*cdf0e10cSrcweir+ if (ret < 0) { 2099*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 2100*cdf0e10cSrcweir+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), 2101*cdf0e10cSrcweir+ "xmlSaveFormatFile", 2102*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XML_FAILED, 2103*cdf0e10cSrcweir+ "filename=%s", 2104*cdf0e10cSrcweir+ xmlSecErrorsSafeString(filename)); 2105*cdf0e10cSrcweir+ xmlFreeDoc(doc); 2106*cdf0e10cSrcweir+ return(-1); 2107*cdf0e10cSrcweir } 2108*cdf0e10cSrcweir 2109*cdf0e10cSrcweir- return (retval); 2110*cdf0e10cSrcweir+ xmlFreeDoc(doc); 2111*cdf0e10cSrcweir+ return(0); 2112*cdf0e10cSrcweir } 2113*cdf0e10cSrcweir--- misc/xmlsec1-1.2.14/src/nss/keywrapers.c 2009-09-21 14:07:19.223802688 +0200 2114*cdf0e10cSrcweir+++ misc/build/xmlsec1-1.2.14/src/nss/keywrapers.c 2009-09-21 14:02:48.548869372 +0200 2115*cdf0e10cSrcweir@@ -1 +1,1213 @@ 2116*cdf0e10cSrcweir-dummy 2117*cdf0e10cSrcweir+/** 2118*cdf0e10cSrcweir+ * 2119*cdf0e10cSrcweir+ * XMLSec library 2120*cdf0e10cSrcweir+ * 2121*cdf0e10cSrcweir+ * AES Algorithm support 2122*cdf0e10cSrcweir+ * 2123*cdf0e10cSrcweir+ * This is free software; see Copyright file in the source 2124*cdf0e10cSrcweir+ * distribution for preciese wording. 2125*cdf0e10cSrcweir+ * 2126*cdf0e10cSrcweir+ * Copyright ................................. 2127*cdf0e10cSrcweir+ */ 2128*cdf0e10cSrcweir+#include "globals.h" 2129*cdf0e10cSrcweir+ 2130*cdf0e10cSrcweir+#include <stdlib.h> 2131*cdf0e10cSrcweir+#include <stdio.h> 2132*cdf0e10cSrcweir+#include <string.h> 2133*cdf0e10cSrcweir+ 2134*cdf0e10cSrcweir+#include <nss.h> 2135*cdf0e10cSrcweir+#include <pk11func.h> 2136*cdf0e10cSrcweir+#include <hasht.h> 2137*cdf0e10cSrcweir+ 2138*cdf0e10cSrcweir+#include <xmlsec/xmlsec.h> 2139*cdf0e10cSrcweir+#include <xmlsec/xmltree.h> 2140*cdf0e10cSrcweir+#include <xmlsec/keys.h> 2141*cdf0e10cSrcweir+#include <xmlsec/transforms.h> 2142*cdf0e10cSrcweir+#include <xmlsec/errors.h> 2143*cdf0e10cSrcweir+ 2144*cdf0e10cSrcweir+#include <xmlsec/nss/crypto.h> 2145*cdf0e10cSrcweir+#include <xmlsec/nss/ciphers.h> 2146*cdf0e10cSrcweir+ 2147*cdf0e10cSrcweir+#define XMLSEC_NSS_AES128_KEY_SIZE 16 2148*cdf0e10cSrcweir+#define XMLSEC_NSS_AES192_KEY_SIZE 24 2149*cdf0e10cSrcweir+#define XMLSEC_NSS_AES256_KEY_SIZE 32 2150*cdf0e10cSrcweir+#define XMLSEC_NSS_DES3_KEY_SIZE 24 2151*cdf0e10cSrcweir+#define XMLSEC_NSS_DES3_KEY_LENGTH 24 2152*cdf0e10cSrcweir+#define XMLSEC_NSS_DES3_IV_LENGTH 8 2153*cdf0e10cSrcweir+#define XMLSEC_NSS_DES3_BLOCK_LENGTH 8 2154*cdf0e10cSrcweir+ 2155*cdf0e10cSrcweir+static xmlSecByte xmlSecNssKWDes3Iv[XMLSEC_NSS_DES3_IV_LENGTH] = { 2156*cdf0e10cSrcweir+ 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05 2157*cdf0e10cSrcweir+}; 2158*cdf0e10cSrcweir+ 2159*cdf0e10cSrcweir+/********************************************************************* 2160*cdf0e10cSrcweir+ * 2161*cdf0e10cSrcweir+ * key wrap transforms 2162*cdf0e10cSrcweir+ * 2163*cdf0e10cSrcweir+ ********************************************************************/ 2164*cdf0e10cSrcweir+typedef struct _xmlSecNssKeyWrapCtx xmlSecNssKeyWrapCtx ; 2165*cdf0e10cSrcweir+typedef struct _xmlSecNssKeyWrapCtx* xmlSecNssKeyWrapCtxPtr ; 2166*cdf0e10cSrcweir+ 2167*cdf0e10cSrcweir+#define xmlSecNssKeyWrapSize \ 2168*cdf0e10cSrcweir+ ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyWrapCtx ) ) 2169*cdf0e10cSrcweir+ 2170*cdf0e10cSrcweir+#define xmlSecNssKeyWrapGetCtx( transform ) \ 2171*cdf0e10cSrcweir+ ( ( xmlSecNssKeyWrapCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) ) 2172*cdf0e10cSrcweir+ 2173*cdf0e10cSrcweir+struct _xmlSecNssKeyWrapCtx { 2174*cdf0e10cSrcweir+ CK_MECHANISM_TYPE cipher ; 2175*cdf0e10cSrcweir+ PK11SymKey* symkey ; 2176*cdf0e10cSrcweir+ xmlSecKeyDataId keyId ; 2177*cdf0e10cSrcweir+ xmlSecBufferPtr material ; /* to be encrypted/decrypted key material */ 2178*cdf0e10cSrcweir+} ; 2179*cdf0e10cSrcweir+ 2180*cdf0e10cSrcweir+static int xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform); 2181*cdf0e10cSrcweir+static void xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform); 2182*cdf0e10cSrcweir+static int xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform, 2183*cdf0e10cSrcweir+ xmlSecKeyReqPtr keyReq); 2184*cdf0e10cSrcweir+static int xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform, 2185*cdf0e10cSrcweir+ xmlSecKeyPtr key); 2186*cdf0e10cSrcweir+static int xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform, 2187*cdf0e10cSrcweir+ int last, 2188*cdf0e10cSrcweir+ xmlSecTransformCtxPtr transformCtx); 2189*cdf0e10cSrcweir+static xmlSecSize xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform); 2190*cdf0e10cSrcweir+ 2191*cdf0e10cSrcweir+static int 2192*cdf0e10cSrcweir+xmlSecNssKeyWrapCheckId( 2193*cdf0e10cSrcweir+ xmlSecTransformPtr transform 2194*cdf0e10cSrcweir+) { 2195*cdf0e10cSrcweir+ #ifndef XMLSEC_NO_DES 2196*cdf0e10cSrcweir+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) { 2197*cdf0e10cSrcweir+ return(1); 2198*cdf0e10cSrcweir+ } 2199*cdf0e10cSrcweir+ #endif /* XMLSEC_NO_DES */ 2200*cdf0e10cSrcweir+ 2201*cdf0e10cSrcweir+ #ifndef XMLSEC_NO_AES 2202*cdf0e10cSrcweir+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes128Id ) || 2203*cdf0e10cSrcweir+ xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes192Id ) || 2204*cdf0e10cSrcweir+ xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes256Id ) ) { 2205*cdf0e10cSrcweir+ 2206*cdf0e10cSrcweir+ return(1); 2207*cdf0e10cSrcweir+ } 2208*cdf0e10cSrcweir+ #endif /* XMLSEC_NO_AES */ 2209*cdf0e10cSrcweir+ 2210*cdf0e10cSrcweir+ return(0); 2211*cdf0e10cSrcweir+} 2212*cdf0e10cSrcweir+ 2213*cdf0e10cSrcweir+static xmlSecSize 2214*cdf0e10cSrcweir+xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform) { 2215*cdf0e10cSrcweir+#ifndef XMLSEC_NO_DES 2216*cdf0e10cSrcweir+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) { 2217*cdf0e10cSrcweir+ return(XMLSEC_NSS_DES3_KEY_SIZE); 2218*cdf0e10cSrcweir+ } else 2219*cdf0e10cSrcweir+#endif /* XMLSEC_NO_DES */ 2220*cdf0e10cSrcweir+ 2221*cdf0e10cSrcweir+#ifndef XMLSEC_NO_AES 2222*cdf0e10cSrcweir+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes128Id)) { 2223*cdf0e10cSrcweir+ return(XMLSEC_NSS_AES128_KEY_SIZE); 2224*cdf0e10cSrcweir+ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes192Id)) { 2225*cdf0e10cSrcweir+ return(XMLSEC_NSS_AES192_KEY_SIZE); 2226*cdf0e10cSrcweir+ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) { 2227*cdf0e10cSrcweir+ return(XMLSEC_NSS_AES256_KEY_SIZE); 2228*cdf0e10cSrcweir+ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) { 2229*cdf0e10cSrcweir+ return(XMLSEC_NSS_AES256_KEY_SIZE); 2230*cdf0e10cSrcweir+ } else 2231*cdf0e10cSrcweir+#endif /* XMLSEC_NO_AES */ 2232*cdf0e10cSrcweir+ 2233*cdf0e10cSrcweir+ if(1) 2234*cdf0e10cSrcweir+ return(0); 2235*cdf0e10cSrcweir+} 2236*cdf0e10cSrcweir+ 2237*cdf0e10cSrcweir+ 2238*cdf0e10cSrcweir+static int 2239*cdf0e10cSrcweir+xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform) { 2240*cdf0e10cSrcweir+ xmlSecNssKeyWrapCtxPtr context ; 2241*cdf0e10cSrcweir+ int ret; 2242*cdf0e10cSrcweir+ 2243*cdf0e10cSrcweir+ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1); 2244*cdf0e10cSrcweir+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1); 2245*cdf0e10cSrcweir+ 2246*cdf0e10cSrcweir+ context = xmlSecNssKeyWrapGetCtx( transform ) ; 2247*cdf0e10cSrcweir+ xmlSecAssert2( context != NULL , -1 ) ; 2248*cdf0e10cSrcweir+ 2249*cdf0e10cSrcweir+ #ifndef XMLSEC_NO_DES 2250*cdf0e10cSrcweir+ if( transform->id == xmlSecNssTransformKWDes3Id ) { 2251*cdf0e10cSrcweir+ context->cipher = CKM_DES3_CBC ; 2252*cdf0e10cSrcweir+ context->keyId = xmlSecNssKeyDataDesId ; 2253*cdf0e10cSrcweir+ } else 2254*cdf0e10cSrcweir+ #endif /* XMLSEC_NO_DES */ 2255*cdf0e10cSrcweir+ 2256*cdf0e10cSrcweir+ #ifndef XMLSEC_NO_AES 2257*cdf0e10cSrcweir+ if( transform->id == xmlSecNssTransformKWAes128Id ) { 2258*cdf0e10cSrcweir+ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/ 2259*cdf0e10cSrcweir+ context->cipher = CKM_AES_CBC ; 2260*cdf0e10cSrcweir+ context->keyId = xmlSecNssKeyDataAesId ; 2261*cdf0e10cSrcweir+ } else 2262*cdf0e10cSrcweir+ if( transform->id == xmlSecNssTransformKWAes192Id ) { 2263*cdf0e10cSrcweir+ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/ 2264*cdf0e10cSrcweir+ context->cipher = CKM_AES_CBC ; 2265*cdf0e10cSrcweir+ context->keyId = xmlSecNssKeyDataAesId ; 2266*cdf0e10cSrcweir+ } else 2267*cdf0e10cSrcweir+ if( transform->id == xmlSecNssTransformKWAes256Id ) { 2268*cdf0e10cSrcweir+ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/ 2269*cdf0e10cSrcweir+ context->cipher = CKM_AES_CBC ; 2270*cdf0e10cSrcweir+ context->keyId = xmlSecNssKeyDataAesId ; 2271*cdf0e10cSrcweir+ } else 2272*cdf0e10cSrcweir+ #endif /* XMLSEC_NO_AES */ 2273*cdf0e10cSrcweir+ 2274*cdf0e10cSrcweir+ 2275*cdf0e10cSrcweir+ if( 1 ) { 2276*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 2277*cdf0e10cSrcweir+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), 2278*cdf0e10cSrcweir+ NULL , 2279*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 2280*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 2281*cdf0e10cSrcweir+ return(-1); 2282*cdf0e10cSrcweir+ } 2283*cdf0e10cSrcweir+ 2284*cdf0e10cSrcweir+ context->symkey = NULL ; 2285*cdf0e10cSrcweir+ context->material = NULL ; 2286*cdf0e10cSrcweir+ 2287*cdf0e10cSrcweir+ return(0); 2288*cdf0e10cSrcweir+} 2289*cdf0e10cSrcweir+ 2290*cdf0e10cSrcweir+static void 2291*cdf0e10cSrcweir+xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform) { 2292*cdf0e10cSrcweir+ xmlSecNssKeyWrapCtxPtr context ; 2293*cdf0e10cSrcweir+ 2294*cdf0e10cSrcweir+ xmlSecAssert(xmlSecNssKeyWrapCheckId(transform)); 2295*cdf0e10cSrcweir+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize)); 2296*cdf0e10cSrcweir+ 2297*cdf0e10cSrcweir+ context = xmlSecNssKeyWrapGetCtx( transform ) ; 2298*cdf0e10cSrcweir+ xmlSecAssert( context != NULL ) ; 2299*cdf0e10cSrcweir+ 2300*cdf0e10cSrcweir+ if( context->symkey != NULL ) { 2301*cdf0e10cSrcweir+ PK11_FreeSymKey( context->symkey ) ; 2302*cdf0e10cSrcweir+ context->symkey = NULL ; 2303*cdf0e10cSrcweir+ } 2304*cdf0e10cSrcweir+ 2305*cdf0e10cSrcweir+ if( context->material != NULL ) { 2306*cdf0e10cSrcweir+ xmlSecBufferDestroy(context->material); 2307*cdf0e10cSrcweir+ context->material = NULL ; 2308*cdf0e10cSrcweir+ } 2309*cdf0e10cSrcweir+} 2310*cdf0e10cSrcweir+ 2311*cdf0e10cSrcweir+static int 2312*cdf0e10cSrcweir+xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) { 2313*cdf0e10cSrcweir+ xmlSecNssKeyWrapCtxPtr context ; 2314*cdf0e10cSrcweir+ xmlSecSize cipherSize = 0 ; 2315*cdf0e10cSrcweir+ 2316*cdf0e10cSrcweir+ 2317*cdf0e10cSrcweir+ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1); 2318*cdf0e10cSrcweir+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1); 2319*cdf0e10cSrcweir+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); 2320*cdf0e10cSrcweir+ xmlSecAssert2(keyReq != NULL, -1); 2321*cdf0e10cSrcweir+ 2322*cdf0e10cSrcweir+ context = xmlSecNssKeyWrapGetCtx( transform ) ; 2323*cdf0e10cSrcweir+ xmlSecAssert2( context != NULL , -1 ) ; 2324*cdf0e10cSrcweir+ 2325*cdf0e10cSrcweir+ keyReq->keyId = context->keyId; 2326*cdf0e10cSrcweir+ keyReq->keyType = xmlSecKeyDataTypeSymmetric; 2327*cdf0e10cSrcweir+ if(transform->operation == xmlSecTransformOperationEncrypt) { 2328*cdf0e10cSrcweir+ keyReq->keyUsage = xmlSecKeyUsageEncrypt; 2329*cdf0e10cSrcweir+ } else { 2330*cdf0e10cSrcweir+ keyReq->keyUsage = xmlSecKeyUsageDecrypt; 2331*cdf0e10cSrcweir+ } 2332*cdf0e10cSrcweir+ 2333*cdf0e10cSrcweir+ keyReq->keyBitsSize = xmlSecNssKeyWrapGetKeySize( transform ) ; 2334*cdf0e10cSrcweir+ 2335*cdf0e10cSrcweir+ return(0); 2336*cdf0e10cSrcweir+} 2337*cdf0e10cSrcweir+ 2338*cdf0e10cSrcweir+static int 2339*cdf0e10cSrcweir+xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { 2340*cdf0e10cSrcweir+ xmlSecNssKeyWrapCtxPtr context = NULL ; 2341*cdf0e10cSrcweir+ xmlSecKeyDataPtr keyData = NULL ; 2342*cdf0e10cSrcweir+ PK11SymKey* symkey = NULL ; 2343*cdf0e10cSrcweir+ 2344*cdf0e10cSrcweir+ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1); 2345*cdf0e10cSrcweir+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1); 2346*cdf0e10cSrcweir+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); 2347*cdf0e10cSrcweir+ xmlSecAssert2(key != NULL, -1); 2348*cdf0e10cSrcweir+ 2349*cdf0e10cSrcweir+ context = xmlSecNssKeyWrapGetCtx( transform ) ; 2350*cdf0e10cSrcweir+ if( context == NULL || context->keyId == NULL || context->symkey != NULL ) { 2351*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 2352*cdf0e10cSrcweir+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , 2353*cdf0e10cSrcweir+ "xmlSecNssKeyWrapGetCtx" , 2354*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 2355*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 2356*cdf0e10cSrcweir+ return(-1); 2357*cdf0e10cSrcweir+ } 2358*cdf0e10cSrcweir+ xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ; 2359*cdf0e10cSrcweir+ 2360*cdf0e10cSrcweir+ keyData = xmlSecKeyGetValue( key ) ; 2361*cdf0e10cSrcweir+ if( keyData == NULL ) { 2362*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 2363*cdf0e10cSrcweir+ xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) , 2364*cdf0e10cSrcweir+ "xmlSecKeyGetValue" , 2365*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 2366*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 2367*cdf0e10cSrcweir+ return(-1); 2368*cdf0e10cSrcweir+ } 2369*cdf0e10cSrcweir+ 2370*cdf0e10cSrcweir+ if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) { 2371*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 2372*cdf0e10cSrcweir+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) , 2373*cdf0e10cSrcweir+ "xmlSecNssSymKeyDataGetKey" , 2374*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 2375*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 2376*cdf0e10cSrcweir+ return(-1); 2377*cdf0e10cSrcweir+ } 2378*cdf0e10cSrcweir+ 2379*cdf0e10cSrcweir+ context->symkey = symkey ; 2380*cdf0e10cSrcweir+ 2381*cdf0e10cSrcweir+ return(0) ; 2382*cdf0e10cSrcweir+} 2383*cdf0e10cSrcweir+ 2384*cdf0e10cSrcweir+/** 2385*cdf0e10cSrcweir+ * key wrap transform 2386*cdf0e10cSrcweir+ */ 2387*cdf0e10cSrcweir+static int 2388*cdf0e10cSrcweir+xmlSecNssKeyWrapCtxInit( 2389*cdf0e10cSrcweir+ xmlSecNssKeyWrapCtxPtr ctx , 2390*cdf0e10cSrcweir+ xmlSecBufferPtr in , 2391*cdf0e10cSrcweir+ xmlSecBufferPtr out , 2392*cdf0e10cSrcweir+ int encrypt , 2393*cdf0e10cSrcweir+ xmlSecTransformCtxPtr transformCtx 2394*cdf0e10cSrcweir+) { 2395*cdf0e10cSrcweir+ xmlSecSize blockSize ; 2396*cdf0e10cSrcweir+ 2397*cdf0e10cSrcweir+ xmlSecAssert2( ctx != NULL , -1 ) ; 2398*cdf0e10cSrcweir+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; 2399*cdf0e10cSrcweir+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; 2400*cdf0e10cSrcweir+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; 2401*cdf0e10cSrcweir+ xmlSecAssert2( in != NULL , -1 ) ; 2402*cdf0e10cSrcweir+ xmlSecAssert2( out != NULL , -1 ) ; 2403*cdf0e10cSrcweir+ xmlSecAssert2( transformCtx != NULL , -1 ) ; 2404*cdf0e10cSrcweir+ 2405*cdf0e10cSrcweir+ if( ctx->material != NULL ) { 2406*cdf0e10cSrcweir+ xmlSecBufferDestroy( ctx->material ) ; 2407*cdf0e10cSrcweir+ ctx->material = NULL ; 2408*cdf0e10cSrcweir+ } 2409*cdf0e10cSrcweir+ 2410*cdf0e10cSrcweir+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { 2411*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 2412*cdf0e10cSrcweir+ NULL , 2413*cdf0e10cSrcweir+ "PK11_GetBlockSize" , 2414*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 2415*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 2416*cdf0e10cSrcweir+ return(-1); 2417*cdf0e10cSrcweir+ } 2418*cdf0e10cSrcweir+ 2419*cdf0e10cSrcweir+ ctx->material = xmlSecBufferCreate( blockSize ) ; 2420*cdf0e10cSrcweir+ if( ctx->material == NULL ) { 2421*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 2422*cdf0e10cSrcweir+ NULL , 2423*cdf0e10cSrcweir+ "xmlSecBufferCreate" , 2424*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 2425*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 2426*cdf0e10cSrcweir+ return(-1); 2427*cdf0e10cSrcweir+ } 2428*cdf0e10cSrcweir+ 2429*cdf0e10cSrcweir+ /* read raw key material into context */ 2430*cdf0e10cSrcweir+ if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { 2431*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 2432*cdf0e10cSrcweir+ NULL , 2433*cdf0e10cSrcweir+ "xmlSecBufferSetData" , 2434*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 2435*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 2436*cdf0e10cSrcweir+ return(-1); 2437*cdf0e10cSrcweir+ } 2438*cdf0e10cSrcweir+ 2439*cdf0e10cSrcweir+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { 2440*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 2441*cdf0e10cSrcweir+ NULL , 2442*cdf0e10cSrcweir+ "xmlSecBufferRemoveHead" , 2443*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 2444*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 2445*cdf0e10cSrcweir+ return(-1); 2446*cdf0e10cSrcweir+ } 2447*cdf0e10cSrcweir+ 2448*cdf0e10cSrcweir+ return(0); 2449*cdf0e10cSrcweir+} 2450*cdf0e10cSrcweir+ 2451*cdf0e10cSrcweir+/** 2452*cdf0e10cSrcweir+ * key wrap transform update 2453*cdf0e10cSrcweir+ */ 2454*cdf0e10cSrcweir+static int 2455*cdf0e10cSrcweir+xmlSecNssKeyWrapCtxUpdate( 2456*cdf0e10cSrcweir+ xmlSecNssKeyWrapCtxPtr ctx , 2457*cdf0e10cSrcweir+ xmlSecBufferPtr in , 2458*cdf0e10cSrcweir+ xmlSecBufferPtr out , 2459*cdf0e10cSrcweir+ int encrypt , 2460*cdf0e10cSrcweir+ xmlSecTransformCtxPtr transformCtx 2461*cdf0e10cSrcweir+) { 2462*cdf0e10cSrcweir+ xmlSecAssert2( ctx != NULL , -1 ) ; 2463*cdf0e10cSrcweir+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; 2464*cdf0e10cSrcweir+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; 2465*cdf0e10cSrcweir+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; 2466*cdf0e10cSrcweir+ xmlSecAssert2( ctx->material != NULL , -1 ) ; 2467*cdf0e10cSrcweir+ xmlSecAssert2( in != NULL , -1 ) ; 2468*cdf0e10cSrcweir+ xmlSecAssert2( out != NULL , -1 ) ; 2469*cdf0e10cSrcweir+ xmlSecAssert2( transformCtx != NULL , -1 ) ; 2470*cdf0e10cSrcweir+ 2471*cdf0e10cSrcweir+ /* read raw key material and append into context */ 2472*cdf0e10cSrcweir+ if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { 2473*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 2474*cdf0e10cSrcweir+ NULL , 2475*cdf0e10cSrcweir+ "xmlSecBufferAppend" , 2476*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 2477*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 2478*cdf0e10cSrcweir+ return(-1); 2479*cdf0e10cSrcweir+ } 2480*cdf0e10cSrcweir+ 2481*cdf0e10cSrcweir+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { 2482*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 2483*cdf0e10cSrcweir+ NULL , 2484*cdf0e10cSrcweir+ "xmlSecBufferRemoveHead" , 2485*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 2486*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 2487*cdf0e10cSrcweir+ return(-1); 2488*cdf0e10cSrcweir+ } 2489*cdf0e10cSrcweir+ 2490*cdf0e10cSrcweir+ return(0); 2491*cdf0e10cSrcweir+} 2492*cdf0e10cSrcweir+ 2493*cdf0e10cSrcweir+static int 2494*cdf0e10cSrcweir+xmlSecNssKWDes3BufferReverse(xmlSecByte *buf, xmlSecSize size) { 2495*cdf0e10cSrcweir+ xmlSecSize s; 2496*cdf0e10cSrcweir+ xmlSecSize i; 2497*cdf0e10cSrcweir+ xmlSecByte c; 2498*cdf0e10cSrcweir+ 2499*cdf0e10cSrcweir+ xmlSecAssert2(buf != NULL, -1); 2500*cdf0e10cSrcweir+ 2501*cdf0e10cSrcweir+ s = size / 2; 2502*cdf0e10cSrcweir+ --size; 2503*cdf0e10cSrcweir+ for(i = 0; i < s; ++i) { 2504*cdf0e10cSrcweir+ c = buf[i]; 2505*cdf0e10cSrcweir+ buf[i] = buf[size - i]; 2506*cdf0e10cSrcweir+ buf[size - i] = c; 2507*cdf0e10cSrcweir+ } 2508*cdf0e10cSrcweir+ return(0); 2509*cdf0e10cSrcweir+} 2510*cdf0e10cSrcweir+ 2511*cdf0e10cSrcweir+static xmlSecByte * 2512*cdf0e10cSrcweir+xmlSecNssComputeSHA1(const xmlSecByte *in, xmlSecSize inSize, 2513*cdf0e10cSrcweir+ xmlSecByte *out, xmlSecSize outSize) 2514*cdf0e10cSrcweir+{ 2515*cdf0e10cSrcweir+ PK11Context *context = NULL; 2516*cdf0e10cSrcweir+ SECStatus s; 2517*cdf0e10cSrcweir+ xmlSecByte *digest = NULL; 2518*cdf0e10cSrcweir+ unsigned int len; 2519*cdf0e10cSrcweir+ 2520*cdf0e10cSrcweir+ xmlSecAssert2(in != NULL, NULL); 2521*cdf0e10cSrcweir+ xmlSecAssert2(out != NULL, NULL); 2522*cdf0e10cSrcweir+ xmlSecAssert2(outSize >= SHA1_LENGTH, NULL); 2523*cdf0e10cSrcweir+ 2524*cdf0e10cSrcweir+ /* Create a context for hashing (digesting) */ 2525*cdf0e10cSrcweir+ context = PK11_CreateDigestContext(SEC_OID_SHA1); 2526*cdf0e10cSrcweir+ if (context == NULL) { 2527*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 2528*cdf0e10cSrcweir+ NULL, 2529*cdf0e10cSrcweir+ "PK11_CreateDigestContext", 2530*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED, 2531*cdf0e10cSrcweir+ "error code = %d", PORT_GetError()); 2532*cdf0e10cSrcweir+ goto done; 2533*cdf0e10cSrcweir+ } 2534*cdf0e10cSrcweir+ 2535*cdf0e10cSrcweir+ s = PK11_DigestBegin(context); 2536*cdf0e10cSrcweir+ if (s != SECSuccess) { 2537*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 2538*cdf0e10cSrcweir+ NULL, 2539*cdf0e10cSrcweir+ "PK11_DigestBegin", 2540*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED, 2541*cdf0e10cSrcweir+ "error code = %d", PORT_GetError()); 2542*cdf0e10cSrcweir+ goto done; 2543*cdf0e10cSrcweir+ } 2544*cdf0e10cSrcweir+ 2545*cdf0e10cSrcweir+ s = PK11_DigestOp(context, in, inSize); 2546*cdf0e10cSrcweir+ if (s != SECSuccess) { 2547*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 2548*cdf0e10cSrcweir+ NULL, 2549*cdf0e10cSrcweir+ "PK11_DigestOp", 2550*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED, 2551*cdf0e10cSrcweir+ "error code = %d", PORT_GetError()); 2552*cdf0e10cSrcweir+ goto done; 2553*cdf0e10cSrcweir+ } 2554*cdf0e10cSrcweir+ 2555*cdf0e10cSrcweir+ s = PK11_DigestFinal(context, out, &len, outSize); 2556*cdf0e10cSrcweir+ if (s != SECSuccess) { 2557*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 2558*cdf0e10cSrcweir+ NULL, 2559*cdf0e10cSrcweir+ "PK11_DigestFinal", 2560*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED, 2561*cdf0e10cSrcweir+ "error code = %d", PORT_GetError()); 2562*cdf0e10cSrcweir+ goto done; 2563*cdf0e10cSrcweir+ } 2564*cdf0e10cSrcweir+ xmlSecAssert2(len == SHA1_LENGTH, NULL); 2565*cdf0e10cSrcweir+ 2566*cdf0e10cSrcweir+ digest = out; 2567*cdf0e10cSrcweir+ 2568*cdf0e10cSrcweir+done: 2569*cdf0e10cSrcweir+ if (context != NULL) { 2570*cdf0e10cSrcweir+ PK11_DestroyContext(context, PR_TRUE); 2571*cdf0e10cSrcweir+ } 2572*cdf0e10cSrcweir+ return (digest); 2573*cdf0e10cSrcweir+} 2574*cdf0e10cSrcweir+ 2575*cdf0e10cSrcweir+static int 2576*cdf0e10cSrcweir+xmlSecNssKWDes3Encrypt( 2577*cdf0e10cSrcweir+ PK11SymKey* symKey , 2578*cdf0e10cSrcweir+ CK_MECHANISM_TYPE cipherMech , 2579*cdf0e10cSrcweir+ const xmlSecByte* iv , 2580*cdf0e10cSrcweir+ xmlSecSize ivSize , 2581*cdf0e10cSrcweir+ const xmlSecByte* in , 2582*cdf0e10cSrcweir+ xmlSecSize inSize , 2583*cdf0e10cSrcweir+ xmlSecByte* out , 2584*cdf0e10cSrcweir+ xmlSecSize outSize , 2585*cdf0e10cSrcweir+ int enc 2586*cdf0e10cSrcweir+) { 2587*cdf0e10cSrcweir+ PK11Context* EncContext = NULL; 2588*cdf0e10cSrcweir+ SECItem ivItem ; 2589*cdf0e10cSrcweir+ SECItem* secParam = NULL ; 2590*cdf0e10cSrcweir+ int tmp1_outlen; 2591*cdf0e10cSrcweir+ unsigned int tmp2_outlen; 2592*cdf0e10cSrcweir+ int result_len = -1; 2593*cdf0e10cSrcweir+ SECStatus rv; 2594*cdf0e10cSrcweir+ 2595*cdf0e10cSrcweir+ xmlSecAssert2( cipherMech != CKM_INVALID_MECHANISM , -1 ) ; 2596*cdf0e10cSrcweir+ xmlSecAssert2( symKey != NULL , -1 ) ; 2597*cdf0e10cSrcweir+ xmlSecAssert2(iv != NULL, -1); 2598*cdf0e10cSrcweir+ xmlSecAssert2(ivSize == XMLSEC_NSS_DES3_IV_LENGTH, -1); 2599*cdf0e10cSrcweir+ xmlSecAssert2(in != NULL, -1); 2600*cdf0e10cSrcweir+ xmlSecAssert2(inSize > 0, -1); 2601*cdf0e10cSrcweir+ xmlSecAssert2(out != NULL, -1); 2602*cdf0e10cSrcweir+ xmlSecAssert2(outSize >= inSize, -1); 2603*cdf0e10cSrcweir+ 2604*cdf0e10cSrcweir+ /* Prepare IV */ 2605*cdf0e10cSrcweir+ ivItem.data = ( unsigned char* )iv ; 2606*cdf0e10cSrcweir+ ivItem.len = ivSize ; 2607*cdf0e10cSrcweir+ 2608*cdf0e10cSrcweir+ secParam = PK11_ParamFromIV(cipherMech, &ivItem); 2609*cdf0e10cSrcweir+ if (secParam == NULL) { 2610*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 2611*cdf0e10cSrcweir+ NULL, 2612*cdf0e10cSrcweir+ "PK11_ParamFromIV", 2613*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED, 2614*cdf0e10cSrcweir+ "Error code = %d", PORT_GetError()); 2615*cdf0e10cSrcweir+ goto done; 2616*cdf0e10cSrcweir+ } 2617*cdf0e10cSrcweir+ 2618*cdf0e10cSrcweir+ EncContext = PK11_CreateContextBySymKey(cipherMech, 2619*cdf0e10cSrcweir+ enc ? CKA_ENCRYPT : CKA_DECRYPT, 2620*cdf0e10cSrcweir+ symKey, secParam); 2621*cdf0e10cSrcweir+ if (EncContext == NULL) { 2622*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 2623*cdf0e10cSrcweir+ NULL, 2624*cdf0e10cSrcweir+ "PK11_CreateContextBySymKey", 2625*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED, 2626*cdf0e10cSrcweir+ "Error code = %d", PORT_GetError()); 2627*cdf0e10cSrcweir+ goto done; 2628*cdf0e10cSrcweir+ } 2629*cdf0e10cSrcweir+ 2630*cdf0e10cSrcweir+ tmp1_outlen = tmp2_outlen = 0; 2631*cdf0e10cSrcweir+ rv = PK11_CipherOp(EncContext, out, &tmp1_outlen, outSize, 2632*cdf0e10cSrcweir+ (unsigned char *)in, inSize); 2633*cdf0e10cSrcweir+ if (rv != SECSuccess) { 2634*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 2635*cdf0e10cSrcweir+ NULL, 2636*cdf0e10cSrcweir+ "PK11_CipherOp", 2637*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED, 2638*cdf0e10cSrcweir+ "Error code = %d", PORT_GetError()); 2639*cdf0e10cSrcweir+ goto done; 2640*cdf0e10cSrcweir+ } 2641*cdf0e10cSrcweir+ 2642*cdf0e10cSrcweir+ rv = PK11_DigestFinal(EncContext, out+tmp1_outlen, 2643*cdf0e10cSrcweir+ &tmp2_outlen, outSize-tmp1_outlen); 2644*cdf0e10cSrcweir+ if (rv != SECSuccess) { 2645*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 2646*cdf0e10cSrcweir+ NULL, 2647*cdf0e10cSrcweir+ "PK11_DigestFinal", 2648*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED, 2649*cdf0e10cSrcweir+ "Error code = %d", PORT_GetError()); 2650*cdf0e10cSrcweir+ goto done; 2651*cdf0e10cSrcweir+ } 2652*cdf0e10cSrcweir+ 2653*cdf0e10cSrcweir+ result_len = tmp1_outlen + tmp2_outlen; 2654*cdf0e10cSrcweir+ 2655*cdf0e10cSrcweir+done: 2656*cdf0e10cSrcweir+ if (secParam) { 2657*cdf0e10cSrcweir+ SECITEM_FreeItem(secParam, PR_TRUE); 2658*cdf0e10cSrcweir+ } 2659*cdf0e10cSrcweir+ if (EncContext) { 2660*cdf0e10cSrcweir+ PK11_DestroyContext(EncContext, PR_TRUE); 2661*cdf0e10cSrcweir+ } 2662*cdf0e10cSrcweir+ 2663*cdf0e10cSrcweir+ return(result_len); 2664*cdf0e10cSrcweir+} 2665*cdf0e10cSrcweir+ 2666*cdf0e10cSrcweir+static int 2667*cdf0e10cSrcweir+xmlSecNssKeyWrapDesOp( 2668*cdf0e10cSrcweir+ xmlSecNssKeyWrapCtxPtr ctx , 2669*cdf0e10cSrcweir+ int encrypt , 2670*cdf0e10cSrcweir+ xmlSecBufferPtr result 2671*cdf0e10cSrcweir+) { 2672*cdf0e10cSrcweir+ xmlSecByte sha1[SHA1_LENGTH]; 2673*cdf0e10cSrcweir+ xmlSecByte iv[XMLSEC_NSS_DES3_IV_LENGTH]; 2674*cdf0e10cSrcweir+ xmlSecByte* in; 2675*cdf0e10cSrcweir+ xmlSecSize inSize; 2676*cdf0e10cSrcweir+ xmlSecByte* out; 2677*cdf0e10cSrcweir+ xmlSecSize outSize; 2678*cdf0e10cSrcweir+ xmlSecSize s; 2679*cdf0e10cSrcweir+ int ret; 2680*cdf0e10cSrcweir+ SECStatus status; 2681*cdf0e10cSrcweir+ 2682*cdf0e10cSrcweir+ xmlSecAssert2( ctx != NULL , -1 ) ; 2683*cdf0e10cSrcweir+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; 2684*cdf0e10cSrcweir+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; 2685*cdf0e10cSrcweir+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; 2686*cdf0e10cSrcweir+ xmlSecAssert2( ctx->material != NULL , -1 ) ; 2687*cdf0e10cSrcweir+ xmlSecAssert2( result != NULL , -1 ) ; 2688*cdf0e10cSrcweir+ 2689*cdf0e10cSrcweir+ in = xmlSecBufferGetData(ctx->material); 2690*cdf0e10cSrcweir+ inSize = xmlSecBufferGetSize(ctx->material) ; 2691*cdf0e10cSrcweir+ out = xmlSecBufferGetData(result); 2692*cdf0e10cSrcweir+ outSize = xmlSecBufferGetMaxSize(result) ; 2693*cdf0e10cSrcweir+ if( encrypt ) { 2694*cdf0e10cSrcweir+ /* step 2: calculate sha1 and CMS */ 2695*cdf0e10cSrcweir+ if(xmlSecNssComputeSHA1(in, inSize, sha1, SHA1_LENGTH) == NULL) { 2696*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 2697*cdf0e10cSrcweir+ NULL, 2698*cdf0e10cSrcweir+ "xmlSecNssComputeSHA1", 2699*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED, 2700*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE); 2701*cdf0e10cSrcweir+ return(-1); 2702*cdf0e10cSrcweir+ } 2703*cdf0e10cSrcweir+ 2704*cdf0e10cSrcweir+ /* step 3: construct WKCKS */ 2705*cdf0e10cSrcweir+ memcpy(out, in, inSize); 2706*cdf0e10cSrcweir+ memcpy(out + inSize, sha1, XMLSEC_NSS_DES3_BLOCK_LENGTH); 2707*cdf0e10cSrcweir+ 2708*cdf0e10cSrcweir+ /* step 4: generate random iv */ 2709*cdf0e10cSrcweir+ status = PK11_GenerateRandom(iv, XMLSEC_NSS_DES3_IV_LENGTH); 2710*cdf0e10cSrcweir+ if(status != SECSuccess) { 2711*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 2712*cdf0e10cSrcweir+ NULL, 2713*cdf0e10cSrcweir+ "PK11_GenerateRandom", 2714*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED, 2715*cdf0e10cSrcweir+ "error code = %d", PORT_GetError()); 2716*cdf0e10cSrcweir+ return(-1); 2717*cdf0e10cSrcweir+ } 2718*cdf0e10cSrcweir+ 2719*cdf0e10cSrcweir+ /* step 5: first encryption, result is TEMP1 */ 2720*cdf0e10cSrcweir+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, 2721*cdf0e10cSrcweir+ iv, XMLSEC_NSS_DES3_IV_LENGTH, 2722*cdf0e10cSrcweir+ out, inSize + XMLSEC_NSS_DES3_IV_LENGTH, 2723*cdf0e10cSrcweir+ out, outSize, 1); 2724*cdf0e10cSrcweir+ if(ret < 0) { 2725*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 2726*cdf0e10cSrcweir+ NULL, 2727*cdf0e10cSrcweir+ "xmlSecNssKWDes3Encrypt", 2728*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 2729*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE); 2730*cdf0e10cSrcweir+ return(-1); 2731*cdf0e10cSrcweir+ } 2732*cdf0e10cSrcweir+ 2733*cdf0e10cSrcweir+ /* step 6: construct TEMP2=IV || TEMP1 */ 2734*cdf0e10cSrcweir+ memmove(out + XMLSEC_NSS_DES3_IV_LENGTH, out, 2735*cdf0e10cSrcweir+ inSize + XMLSEC_NSS_DES3_IV_LENGTH); 2736*cdf0e10cSrcweir+ memcpy(out, iv, XMLSEC_NSS_DES3_IV_LENGTH); 2737*cdf0e10cSrcweir+ s = ret + XMLSEC_NSS_DES3_IV_LENGTH; 2738*cdf0e10cSrcweir+ 2739*cdf0e10cSrcweir+ /* step 7: reverse octets order, result is TEMP3 */ 2740*cdf0e10cSrcweir+ ret = xmlSecNssKWDes3BufferReverse(out, s); 2741*cdf0e10cSrcweir+ if(ret < 0) { 2742*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 2743*cdf0e10cSrcweir+ NULL, 2744*cdf0e10cSrcweir+ "xmlSecNssKWDes3BufferReverse", 2745*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 2746*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE); 2747*cdf0e10cSrcweir+ return(-1); 2748*cdf0e10cSrcweir+ } 2749*cdf0e10cSrcweir+ 2750*cdf0e10cSrcweir+ /* step 8: second encryption with static IV */ 2751*cdf0e10cSrcweir+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, 2752*cdf0e10cSrcweir+ xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH, 2753*cdf0e10cSrcweir+ out, s, 2754*cdf0e10cSrcweir+ out, outSize, 1); 2755*cdf0e10cSrcweir+ if(ret < 0) { 2756*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 2757*cdf0e10cSrcweir+ NULL, 2758*cdf0e10cSrcweir+ "xmlSecNssKWDes3Encrypt", 2759*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 2760*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE); 2761*cdf0e10cSrcweir+ return(-1); 2762*cdf0e10cSrcweir+ } 2763*cdf0e10cSrcweir+ s = ret; 2764*cdf0e10cSrcweir+ 2765*cdf0e10cSrcweir+ if( xmlSecBufferSetSize( result , s ) < 0 ) { 2766*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 2767*cdf0e10cSrcweir+ NULL, 2768*cdf0e10cSrcweir+ "xmlSecBufferSetSize", 2769*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 2770*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE); 2771*cdf0e10cSrcweir+ return(-1); 2772*cdf0e10cSrcweir+ } 2773*cdf0e10cSrcweir+ } else { 2774*cdf0e10cSrcweir+ /* step 2: first decryption with static IV, result is TEMP3 */ 2775*cdf0e10cSrcweir+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, 2776*cdf0e10cSrcweir+ xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH, 2777*cdf0e10cSrcweir+ in, inSize, 2778*cdf0e10cSrcweir+ out, outSize, 0); 2779*cdf0e10cSrcweir+ if((ret < 0) || (ret < XMLSEC_NSS_DES3_IV_LENGTH)) { 2780*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 2781*cdf0e10cSrcweir+ NULL, 2782*cdf0e10cSrcweir+ "xmlSecNssKWDes3Encrypt", 2783*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 2784*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE); 2785*cdf0e10cSrcweir+ return(-1); 2786*cdf0e10cSrcweir+ } 2787*cdf0e10cSrcweir+ s = ret; 2788*cdf0e10cSrcweir+ 2789*cdf0e10cSrcweir+ /* step 3: reverse octets order in TEMP3, result is TEMP2 */ 2790*cdf0e10cSrcweir+ ret = xmlSecNssKWDes3BufferReverse(out, s); 2791*cdf0e10cSrcweir+ if(ret < 0) { 2792*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 2793*cdf0e10cSrcweir+ NULL, 2794*cdf0e10cSrcweir+ "xmlSecNssKWDes3BufferReverse", 2795*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 2796*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE); 2797*cdf0e10cSrcweir+ return(-1); 2798*cdf0e10cSrcweir+ } 2799*cdf0e10cSrcweir+ 2800*cdf0e10cSrcweir+ /* steps 4 and 5: get IV and decrypt second time, result is WKCKS */ 2801*cdf0e10cSrcweir+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, 2802*cdf0e10cSrcweir+ out, XMLSEC_NSS_DES3_IV_LENGTH, 2803*cdf0e10cSrcweir+ out+XMLSEC_NSS_DES3_IV_LENGTH, s-XMLSEC_NSS_DES3_IV_LENGTH, 2804*cdf0e10cSrcweir+ out, outSize, 0); 2805*cdf0e10cSrcweir+ if((ret < 0) || (ret < XMLSEC_NSS_DES3_BLOCK_LENGTH)) { 2806*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 2807*cdf0e10cSrcweir+ NULL, 2808*cdf0e10cSrcweir+ "xmlSecNssKWDes3Encrypt", 2809*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 2810*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE); 2811*cdf0e10cSrcweir+ return(-1); 2812*cdf0e10cSrcweir+ } 2813*cdf0e10cSrcweir+ s = ret - XMLSEC_NSS_DES3_IV_LENGTH; 2814*cdf0e10cSrcweir+ 2815*cdf0e10cSrcweir+ /* steps 6 and 7: calculate SHA1 and validate it */ 2816*cdf0e10cSrcweir+ if(xmlSecNssComputeSHA1(out, s, sha1, SHA1_LENGTH) == NULL) { 2817*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 2818*cdf0e10cSrcweir+ NULL, 2819*cdf0e10cSrcweir+ "xmlSecNssComputeSHA1", 2820*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED, 2821*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE); 2822*cdf0e10cSrcweir+ return(-1); 2823*cdf0e10cSrcweir+ } 2824*cdf0e10cSrcweir+ 2825*cdf0e10cSrcweir+ if(memcmp(sha1, out + s, XMLSEC_NSS_DES3_BLOCK_LENGTH) != 0) { 2826*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 2827*cdf0e10cSrcweir+ NULL, 2828*cdf0e10cSrcweir+ NULL, 2829*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_INVALID_DATA, 2830*cdf0e10cSrcweir+ "SHA1 does not match"); 2831*cdf0e10cSrcweir+ return(-1); 2832*cdf0e10cSrcweir+ } 2833*cdf0e10cSrcweir+ 2834*cdf0e10cSrcweir+ if( xmlSecBufferSetSize( result , s ) < 0 ) { 2835*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 2836*cdf0e10cSrcweir+ NULL, 2837*cdf0e10cSrcweir+ "xmlSecBufferSetSize", 2838*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 2839*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE); 2840*cdf0e10cSrcweir+ return(-1); 2841*cdf0e10cSrcweir+ } 2842*cdf0e10cSrcweir+ } 2843*cdf0e10cSrcweir+ 2844*cdf0e10cSrcweir+ return(0); 2845*cdf0e10cSrcweir+} 2846*cdf0e10cSrcweir+ 2847*cdf0e10cSrcweir+static int 2848*cdf0e10cSrcweir+xmlSecNssKeyWrapAesOp( 2849*cdf0e10cSrcweir+ xmlSecNssKeyWrapCtxPtr ctx , 2850*cdf0e10cSrcweir+ int encrypt , 2851*cdf0e10cSrcweir+ xmlSecBufferPtr result 2852*cdf0e10cSrcweir+) { 2853*cdf0e10cSrcweir+ PK11Context* cipherCtx = NULL; 2854*cdf0e10cSrcweir+ SECItem ivItem ; 2855*cdf0e10cSrcweir+ SECItem* secParam = NULL ; 2856*cdf0e10cSrcweir+ xmlSecSize inSize ; 2857*cdf0e10cSrcweir+ xmlSecSize inBlocks ; 2858*cdf0e10cSrcweir+ int blockSize ; 2859*cdf0e10cSrcweir+ int midSize ; 2860*cdf0e10cSrcweir+ int finSize ; 2861*cdf0e10cSrcweir+ xmlSecByte* out ; 2862*cdf0e10cSrcweir+ xmlSecSize outSize; 2863*cdf0e10cSrcweir+ 2864*cdf0e10cSrcweir+ xmlSecAssert2( ctx != NULL , -1 ) ; 2865*cdf0e10cSrcweir+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; 2866*cdf0e10cSrcweir+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; 2867*cdf0e10cSrcweir+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; 2868*cdf0e10cSrcweir+ xmlSecAssert2( ctx->material != NULL , -1 ) ; 2869*cdf0e10cSrcweir+ xmlSecAssert2( result != NULL , -1 ) ; 2870*cdf0e10cSrcweir+ 2871*cdf0e10cSrcweir+ /* Do not set any IV */ 2872*cdf0e10cSrcweir+ memset(&ivItem, 0, sizeof(ivItem)); 2873*cdf0e10cSrcweir+ 2874*cdf0e10cSrcweir+ /* Get block size */ 2875*cdf0e10cSrcweir+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { 2876*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 2877*cdf0e10cSrcweir+ NULL , 2878*cdf0e10cSrcweir+ "PK11_GetBlockSize" , 2879*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 2880*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 2881*cdf0e10cSrcweir+ return(-1); 2882*cdf0e10cSrcweir+ } 2883*cdf0e10cSrcweir+ 2884*cdf0e10cSrcweir+ inSize = xmlSecBufferGetSize( ctx->material ) ; 2885*cdf0e10cSrcweir+ if( xmlSecBufferSetMaxSize( result , inSize + blockSize ) < 0 ) { 2886*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 2887*cdf0e10cSrcweir+ NULL , 2888*cdf0e10cSrcweir+ "xmlSecBufferSetMaxSize" , 2889*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 2890*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 2891*cdf0e10cSrcweir+ return(-1); 2892*cdf0e10cSrcweir+ } 2893*cdf0e10cSrcweir+ 2894*cdf0e10cSrcweir+ /* Get Param for context initialization */ 2895*cdf0e10cSrcweir+ if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) { 2896*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 2897*cdf0e10cSrcweir+ NULL , 2898*cdf0e10cSrcweir+ "PK11_ParamFromIV" , 2899*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 2900*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 2901*cdf0e10cSrcweir+ return(-1); 2902*cdf0e10cSrcweir+ } 2903*cdf0e10cSrcweir+ 2904*cdf0e10cSrcweir+ cipherCtx = PK11_CreateContextBySymKey( ctx->cipher , encrypt ? CKA_ENCRYPT : CKA_DECRYPT , ctx->symkey , secParam ) ; 2905*cdf0e10cSrcweir+ if( cipherCtx == NULL ) { 2906*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 2907*cdf0e10cSrcweir+ NULL , 2908*cdf0e10cSrcweir+ "PK11_CreateContextBySymKey" , 2909*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 2910*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 2911*cdf0e10cSrcweir+ SECITEM_FreeItem( secParam , PR_TRUE ) ; 2912*cdf0e10cSrcweir+ return(-1); 2913*cdf0e10cSrcweir+ } 2914*cdf0e10cSrcweir+ 2915*cdf0e10cSrcweir+ out = xmlSecBufferGetData(result) ; 2916*cdf0e10cSrcweir+ outSize = xmlSecBufferGetMaxSize(result) ; 2917*cdf0e10cSrcweir+ if( PK11_CipherOp( cipherCtx , out, &midSize , outSize , xmlSecBufferGetData( ctx->material ) , inSize ) != SECSuccess ) { 2918*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 2919*cdf0e10cSrcweir+ NULL , 2920*cdf0e10cSrcweir+ "PK11_CipherOp" , 2921*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 2922*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 2923*cdf0e10cSrcweir+ return(-1); 2924*cdf0e10cSrcweir+ } 2925*cdf0e10cSrcweir+ 2926*cdf0e10cSrcweir+ if( PK11_DigestFinal( cipherCtx , out + midSize , &finSize , outSize - midSize ) != SECSuccess ) { 2927*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 2928*cdf0e10cSrcweir+ NULL , 2929*cdf0e10cSrcweir+ "PK11_DigestFinal" , 2930*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 2931*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 2932*cdf0e10cSrcweir+ return(-1); 2933*cdf0e10cSrcweir+ } 2934*cdf0e10cSrcweir+ 2935*cdf0e10cSrcweir+ if( xmlSecBufferSetSize( result , midSize + finSize ) < 0 ) { 2936*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 2937*cdf0e10cSrcweir+ NULL , 2938*cdf0e10cSrcweir+ "xmlSecBufferSetSize" , 2939*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 2940*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 2941*cdf0e10cSrcweir+ return(-1); 2942*cdf0e10cSrcweir+ } 2943*cdf0e10cSrcweir+ 2944*cdf0e10cSrcweir+ return 0 ; 2945*cdf0e10cSrcweir+} 2946*cdf0e10cSrcweir+ 2947*cdf0e10cSrcweir+/** 2948*cdf0e10cSrcweir+ * Block cipher transform final 2949*cdf0e10cSrcweir+ */ 2950*cdf0e10cSrcweir+static int 2951*cdf0e10cSrcweir+xmlSecNssKeyWrapCtxFinal( 2952*cdf0e10cSrcweir+ xmlSecNssKeyWrapCtxPtr ctx , 2953*cdf0e10cSrcweir+ xmlSecBufferPtr in , 2954*cdf0e10cSrcweir+ xmlSecBufferPtr out , 2955*cdf0e10cSrcweir+ int encrypt , 2956*cdf0e10cSrcweir+ xmlSecTransformCtxPtr transformCtx 2957*cdf0e10cSrcweir+) { 2958*cdf0e10cSrcweir+ PK11SymKey* targetKey ; 2959*cdf0e10cSrcweir+ xmlSecSize blockSize ; 2960*cdf0e10cSrcweir+ xmlSecBufferPtr result ; 2961*cdf0e10cSrcweir+ 2962*cdf0e10cSrcweir+ xmlSecAssert2( ctx != NULL , -1 ) ; 2963*cdf0e10cSrcweir+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; 2964*cdf0e10cSrcweir+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; 2965*cdf0e10cSrcweir+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; 2966*cdf0e10cSrcweir+ xmlSecAssert2( ctx->material != NULL , -1 ) ; 2967*cdf0e10cSrcweir+ xmlSecAssert2( in != NULL , -1 ) ; 2968*cdf0e10cSrcweir+ xmlSecAssert2( out != NULL , -1 ) ; 2969*cdf0e10cSrcweir+ xmlSecAssert2( transformCtx != NULL , -1 ) ; 2970*cdf0e10cSrcweir+ 2971*cdf0e10cSrcweir+ /* read raw key material and append into context */ 2972*cdf0e10cSrcweir+ if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { 2973*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 2974*cdf0e10cSrcweir+ NULL , 2975*cdf0e10cSrcweir+ "xmlSecBufferAppend" , 2976*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 2977*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 2978*cdf0e10cSrcweir+ return(-1); 2979*cdf0e10cSrcweir+ } 2980*cdf0e10cSrcweir+ 2981*cdf0e10cSrcweir+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { 2982*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 2983*cdf0e10cSrcweir+ NULL , 2984*cdf0e10cSrcweir+ "xmlSecBufferRemoveHead" , 2985*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 2986*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 2987*cdf0e10cSrcweir+ return(-1); 2988*cdf0e10cSrcweir+ } 2989*cdf0e10cSrcweir+ 2990*cdf0e10cSrcweir+ /* Now we get all of the key materail */ 2991*cdf0e10cSrcweir+ /* from now on we will wrap or unwrap the key */ 2992*cdf0e10cSrcweir+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { 2993*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 2994*cdf0e10cSrcweir+ NULL , 2995*cdf0e10cSrcweir+ "PK11_GetBlockSize" , 2996*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 2997*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 2998*cdf0e10cSrcweir+ return(-1); 2999*cdf0e10cSrcweir+ } 3000*cdf0e10cSrcweir+ 3001*cdf0e10cSrcweir+ result = xmlSecBufferCreate( blockSize ) ; 3002*cdf0e10cSrcweir+ if( result == NULL ) { 3003*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 3004*cdf0e10cSrcweir+ NULL , 3005*cdf0e10cSrcweir+ "xmlSecBufferCreate" , 3006*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 3007*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 3008*cdf0e10cSrcweir+ return(-1); 3009*cdf0e10cSrcweir+ } 3010*cdf0e10cSrcweir+ 3011*cdf0e10cSrcweir+ switch( ctx->cipher ) { 3012*cdf0e10cSrcweir+ case CKM_DES3_CBC : 3013*cdf0e10cSrcweir+ if( xmlSecNssKeyWrapDesOp(ctx, encrypt, result) < 0 ) { 3014*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 3015*cdf0e10cSrcweir+ NULL , 3016*cdf0e10cSrcweir+ "xmlSecNssKeyWrapDesOp" , 3017*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 3018*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 3019*cdf0e10cSrcweir+ xmlSecBufferDestroy(result); 3020*cdf0e10cSrcweir+ return(-1); 3021*cdf0e10cSrcweir+ } 3022*cdf0e10cSrcweir+ break ; 3023*cdf0e10cSrcweir+ /* case CKM_NETSCAPE_AES_KEY_WRAP :*/ 3024*cdf0e10cSrcweir+ case CKM_AES_CBC : 3025*cdf0e10cSrcweir+ if( xmlSecNssKeyWrapAesOp(ctx, encrypt, result) < 0 ) { 3026*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 3027*cdf0e10cSrcweir+ NULL , 3028*cdf0e10cSrcweir+ "xmlSecNssKeyWrapAesOp" , 3029*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 3030*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 3031*cdf0e10cSrcweir+ xmlSecBufferDestroy(result); 3032*cdf0e10cSrcweir+ return(-1); 3033*cdf0e10cSrcweir+ } 3034*cdf0e10cSrcweir+ break ; 3035*cdf0e10cSrcweir+ } 3036*cdf0e10cSrcweir+ 3037*cdf0e10cSrcweir+ /* Write output */ 3038*cdf0e10cSrcweir+ if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) { 3039*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 3040*cdf0e10cSrcweir+ NULL , 3041*cdf0e10cSrcweir+ "xmlSecBufferAppend" , 3042*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 3043*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 3044*cdf0e10cSrcweir+ xmlSecBufferDestroy(result); 3045*cdf0e10cSrcweir+ return(-1); 3046*cdf0e10cSrcweir+ } 3047*cdf0e10cSrcweir+ xmlSecBufferDestroy(result); 3048*cdf0e10cSrcweir+ 3049*cdf0e10cSrcweir+ return(0); 3050*cdf0e10cSrcweir+} 3051*cdf0e10cSrcweir+ 3052*cdf0e10cSrcweir+static int 3053*cdf0e10cSrcweir+xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { 3054*cdf0e10cSrcweir+ xmlSecNssKeyWrapCtxPtr context = NULL ; 3055*cdf0e10cSrcweir+ xmlSecBufferPtr inBuf, outBuf ; 3056*cdf0e10cSrcweir+ int operation ; 3057*cdf0e10cSrcweir+ int rtv ; 3058*cdf0e10cSrcweir+ 3059*cdf0e10cSrcweir+ xmlSecAssert2( xmlSecNssKeyWrapCheckId( transform ), -1 ) ; 3060*cdf0e10cSrcweir+ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyWrapSize ), -1 ) ; 3061*cdf0e10cSrcweir+ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; 3062*cdf0e10cSrcweir+ xmlSecAssert2( transformCtx != NULL , -1 ) ; 3063*cdf0e10cSrcweir+ 3064*cdf0e10cSrcweir+ context = xmlSecNssKeyWrapGetCtx( transform ) ; 3065*cdf0e10cSrcweir+ if( context == NULL ) { 3066*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 3067*cdf0e10cSrcweir+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , 3068*cdf0e10cSrcweir+ "xmlSecNssKeyWrapGetCtx" , 3069*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 3070*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 3071*cdf0e10cSrcweir+ return(-1); 3072*cdf0e10cSrcweir+ } 3073*cdf0e10cSrcweir+ 3074*cdf0e10cSrcweir+ inBuf = &( transform->inBuf ) ; 3075*cdf0e10cSrcweir+ outBuf = &( transform->outBuf ) ; 3076*cdf0e10cSrcweir+ 3077*cdf0e10cSrcweir+ if( transform->status == xmlSecTransformStatusNone ) { 3078*cdf0e10cSrcweir+ transform->status = xmlSecTransformStatusWorking ; 3079*cdf0e10cSrcweir+ } 3080*cdf0e10cSrcweir+ 3081*cdf0e10cSrcweir+ operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ; 3082*cdf0e10cSrcweir+ if( transform->status == xmlSecTransformStatusWorking ) { 3083*cdf0e10cSrcweir+ if( context->material == NULL ) { 3084*cdf0e10cSrcweir+ rtv = xmlSecNssKeyWrapCtxInit( context, inBuf , outBuf , operation , transformCtx ) ; 3085*cdf0e10cSrcweir+ if( rtv < 0 ) { 3086*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 3087*cdf0e10cSrcweir+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , 3088*cdf0e10cSrcweir+ "xmlSecNssKeyWrapCtxInit" , 3089*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_INVALID_STATUS , 3090*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 3091*cdf0e10cSrcweir+ return(-1); 3092*cdf0e10cSrcweir+ } 3093*cdf0e10cSrcweir+ } 3094*cdf0e10cSrcweir+ 3095*cdf0e10cSrcweir+ if( context->material == NULL && last != 0 ) { 3096*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 3097*cdf0e10cSrcweir+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , 3098*cdf0e10cSrcweir+ NULL , 3099*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_INVALID_STATUS , 3100*cdf0e10cSrcweir+ "No enough data to intialize transform" ) ; 3101*cdf0e10cSrcweir+ return(-1); 3102*cdf0e10cSrcweir+ } 3103*cdf0e10cSrcweir+ 3104*cdf0e10cSrcweir+ if( context->material != NULL ) { 3105*cdf0e10cSrcweir+ rtv = xmlSecNssKeyWrapCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ; 3106*cdf0e10cSrcweir+ if( rtv < 0 ) { 3107*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 3108*cdf0e10cSrcweir+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , 3109*cdf0e10cSrcweir+ "xmlSecNssKeyWrapCtxUpdate" , 3110*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_INVALID_STATUS , 3111*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 3112*cdf0e10cSrcweir+ return(-1); 3113*cdf0e10cSrcweir+ } 3114*cdf0e10cSrcweir+ } 3115*cdf0e10cSrcweir+ 3116*cdf0e10cSrcweir+ if( last ) { 3117*cdf0e10cSrcweir+ rtv = xmlSecNssKeyWrapCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ; 3118*cdf0e10cSrcweir+ if( rtv < 0 ) { 3119*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 3120*cdf0e10cSrcweir+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , 3121*cdf0e10cSrcweir+ "xmlSecNssKeyWrapCtxFinal" , 3122*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_INVALID_STATUS , 3123*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 3124*cdf0e10cSrcweir+ return(-1); 3125*cdf0e10cSrcweir+ } 3126*cdf0e10cSrcweir+ transform->status = xmlSecTransformStatusFinished ; 3127*cdf0e10cSrcweir+ } 3128*cdf0e10cSrcweir+ } else if( transform->status == xmlSecTransformStatusFinished ) { 3129*cdf0e10cSrcweir+ if( xmlSecBufferGetSize( inBuf ) != 0 ) { 3130*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 3131*cdf0e10cSrcweir+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , 3132*cdf0e10cSrcweir+ NULL , 3133*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_INVALID_STATUS , 3134*cdf0e10cSrcweir+ "status=%d", transform->status ) ; 3135*cdf0e10cSrcweir+ return(-1); 3136*cdf0e10cSrcweir+ } 3137*cdf0e10cSrcweir+ } else { 3138*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 3139*cdf0e10cSrcweir+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , 3140*cdf0e10cSrcweir+ NULL , 3141*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_INVALID_STATUS , 3142*cdf0e10cSrcweir+ "status=%d", transform->status ) ; 3143*cdf0e10cSrcweir+ return(-1); 3144*cdf0e10cSrcweir+ } 3145*cdf0e10cSrcweir+ 3146*cdf0e10cSrcweir+ return(0); 3147*cdf0e10cSrcweir+} 3148*cdf0e10cSrcweir+ 3149*cdf0e10cSrcweir+#ifndef XMLSEC_NO_AES 3150*cdf0e10cSrcweir+ 3151*cdf0e10cSrcweir+ 3152*cdf0e10cSrcweir+#ifdef __MINGW32__ // for runtime-pseudo-reloc 3153*cdf0e10cSrcweir+static struct _xmlSecTransformKlass xmlSecNssKWAes128Klass = { 3154*cdf0e10cSrcweir+#else 3155*cdf0e10cSrcweir+static xmlSecTransformKlass xmlSecNssKWAes128Klass = { 3156*cdf0e10cSrcweir+#endif 3157*cdf0e10cSrcweir+ /* klass/object sizes */ 3158*cdf0e10cSrcweir+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ 3159*cdf0e10cSrcweir+ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ 3160*cdf0e10cSrcweir+ 3161*cdf0e10cSrcweir+ xmlSecNameKWAes128, /* const xmlChar* name; */ 3162*cdf0e10cSrcweir+ xmlSecHrefKWAes128, /* const xmlChar* href; */ 3163*cdf0e10cSrcweir+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ 3164*cdf0e10cSrcweir+ 3165*cdf0e10cSrcweir+ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ 3166*cdf0e10cSrcweir+ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ 3167*cdf0e10cSrcweir+ NULL, /* xmlSecTransformNodeReadMethod readNode; */ 3168*cdf0e10cSrcweir+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ 3169*cdf0e10cSrcweir+ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ 3170*cdf0e10cSrcweir+ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ 3171*cdf0e10cSrcweir+ NULL, /* xmlSecTransformValidateMethod validate; */ 3172*cdf0e10cSrcweir+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ 3173*cdf0e10cSrcweir+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ 3174*cdf0e10cSrcweir+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ 3175*cdf0e10cSrcweir+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ 3176*cdf0e10cSrcweir+ NULL, /* xmlSecTransformPopXmlMethod popXml; */ 3177*cdf0e10cSrcweir+ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ 3178*cdf0e10cSrcweir+ 3179*cdf0e10cSrcweir+ NULL, /* void* reserved0; */ 3180*cdf0e10cSrcweir+ NULL, /* void* reserved1; */ 3181*cdf0e10cSrcweir+}; 3182*cdf0e10cSrcweir+ 3183*cdf0e10cSrcweir+#ifdef __MINGW32__ // for runtime-pseudo-reloc 3184*cdf0e10cSrcweir+static struct _xmlSecTransformKlass xmlSecNssKWAes192Klass = { 3185*cdf0e10cSrcweir+#else 3186*cdf0e10cSrcweir+static xmlSecTransformKlass xmlSecNssKWAes192Klass = { 3187*cdf0e10cSrcweir+#endif 3188*cdf0e10cSrcweir+ /* klass/object sizes */ 3189*cdf0e10cSrcweir+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ 3190*cdf0e10cSrcweir+ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ 3191*cdf0e10cSrcweir+ 3192*cdf0e10cSrcweir+ xmlSecNameKWAes192, /* const xmlChar* name; */ 3193*cdf0e10cSrcweir+ xmlSecHrefKWAes192, /* const xmlChar* href; */ 3194*cdf0e10cSrcweir+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ 3195*cdf0e10cSrcweir+ 3196*cdf0e10cSrcweir+ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ 3197*cdf0e10cSrcweir+ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ 3198*cdf0e10cSrcweir+ NULL, /* xmlSecTransformNodeReadMethod readNode; */ 3199*cdf0e10cSrcweir+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ 3200*cdf0e10cSrcweir+ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ 3201*cdf0e10cSrcweir+ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ 3202*cdf0e10cSrcweir+ NULL, /* xmlSecTransformValidateMethod validate; */ 3203*cdf0e10cSrcweir+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ 3204*cdf0e10cSrcweir+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ 3205*cdf0e10cSrcweir+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ 3206*cdf0e10cSrcweir+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ 3207*cdf0e10cSrcweir+ NULL, /* xmlSecTransformPopXmlMethod popXml; */ 3208*cdf0e10cSrcweir+ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ 3209*cdf0e10cSrcweir+ 3210*cdf0e10cSrcweir+ NULL, /* void* reserved0; */ 3211*cdf0e10cSrcweir+ NULL, /* void* reserved1; */ 3212*cdf0e10cSrcweir+}; 3213*cdf0e10cSrcweir+ 3214*cdf0e10cSrcweir+#ifdef __MINGW32__ // for runtime-pseudo-reloc 3215*cdf0e10cSrcweir+static struct _xmlSecTransformKlass xmlSecNssKWAes256Klass = { 3216*cdf0e10cSrcweir+#else 3217*cdf0e10cSrcweir+static xmlSecTransformKlass xmlSecNssKWAes256Klass = { 3218*cdf0e10cSrcweir+#endif 3219*cdf0e10cSrcweir+ /* klass/object sizes */ 3220*cdf0e10cSrcweir+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ 3221*cdf0e10cSrcweir+ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ 3222*cdf0e10cSrcweir+ 3223*cdf0e10cSrcweir+ xmlSecNameKWAes256, /* const xmlChar* name; */ 3224*cdf0e10cSrcweir+ xmlSecHrefKWAes256, /* const xmlChar* href; */ 3225*cdf0e10cSrcweir+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ 3226*cdf0e10cSrcweir+ 3227*cdf0e10cSrcweir+ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ 3228*cdf0e10cSrcweir+ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ 3229*cdf0e10cSrcweir+ NULL, /* xmlSecTransformNodeReadMethod readNode; */ 3230*cdf0e10cSrcweir+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ 3231*cdf0e10cSrcweir+ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ 3232*cdf0e10cSrcweir+ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ 3233*cdf0e10cSrcweir+ NULL, /* xmlSecTransformValidateMethod validate; */ 3234*cdf0e10cSrcweir+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ 3235*cdf0e10cSrcweir+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ 3236*cdf0e10cSrcweir+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ 3237*cdf0e10cSrcweir+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ 3238*cdf0e10cSrcweir+ NULL, /* xmlSecTransformPopXmlMethod popXml; */ 3239*cdf0e10cSrcweir+ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ 3240*cdf0e10cSrcweir+ 3241*cdf0e10cSrcweir+ NULL, /* void* reserved0; */ 3242*cdf0e10cSrcweir+ NULL, /* void* reserved1; */ 3243*cdf0e10cSrcweir+}; 3244*cdf0e10cSrcweir+ 3245*cdf0e10cSrcweir+/** 3246*cdf0e10cSrcweir+ * xmlSecNssTransformKWAes128GetKlass: 3247*cdf0e10cSrcweir+ * 3248*cdf0e10cSrcweir+ * The AES-128 key wrapper transform klass. 3249*cdf0e10cSrcweir+ * 3250*cdf0e10cSrcweir+ * Returns AES-128 key wrapper transform klass. 3251*cdf0e10cSrcweir+ */ 3252*cdf0e10cSrcweir+xmlSecTransformId 3253*cdf0e10cSrcweir+xmlSecNssTransformKWAes128GetKlass(void) { 3254*cdf0e10cSrcweir+ return(&xmlSecNssKWAes128Klass); 3255*cdf0e10cSrcweir+} 3256*cdf0e10cSrcweir+ 3257*cdf0e10cSrcweir+/** 3258*cdf0e10cSrcweir+ * xmlSecNssTransformKWAes192GetKlass: 3259*cdf0e10cSrcweir+ * 3260*cdf0e10cSrcweir+ * The AES-192 key wrapper transform klass. 3261*cdf0e10cSrcweir+ * 3262*cdf0e10cSrcweir+ * Returns AES-192 key wrapper transform klass. 3263*cdf0e10cSrcweir+ */ 3264*cdf0e10cSrcweir+xmlSecTransformId 3265*cdf0e10cSrcweir+xmlSecNssTransformKWAes192GetKlass(void) { 3266*cdf0e10cSrcweir+ return(&xmlSecNssKWAes192Klass); 3267*cdf0e10cSrcweir+} 3268*cdf0e10cSrcweir+ 3269*cdf0e10cSrcweir+/** 3270*cdf0e10cSrcweir+ * 3271*cdf0e10cSrcweir+ * The AES-256 key wrapper transform klass. 3272*cdf0e10cSrcweir+ * 3273*cdf0e10cSrcweir+ * Returns AES-256 key wrapper transform klass. 3274*cdf0e10cSrcweir+ */ 3275*cdf0e10cSrcweir+xmlSecTransformId 3276*cdf0e10cSrcweir+xmlSecNssTransformKWAes256GetKlass(void) { 3277*cdf0e10cSrcweir+ return(&xmlSecNssKWAes256Klass); 3278*cdf0e10cSrcweir+} 3279*cdf0e10cSrcweir+ 3280*cdf0e10cSrcweir+#endif /* XMLSEC_NO_AES */ 3281*cdf0e10cSrcweir+ 3282*cdf0e10cSrcweir+ 3283*cdf0e10cSrcweir+#ifndef XMLSEC_NO_DES 3284*cdf0e10cSrcweir+ 3285*cdf0e10cSrcweir+#ifdef __MINGW32__ // for runtime-pseudo-reloc 3286*cdf0e10cSrcweir+static struct _xmlSecTransformKlass xmlSecNssKWDes3Klass = { 3287*cdf0e10cSrcweir+#else 3288*cdf0e10cSrcweir+static xmlSecTransformKlass xmlSecNssKWDes3Klass = { 3289*cdf0e10cSrcweir+#endif 3290*cdf0e10cSrcweir+ /* klass/object sizes */ 3291*cdf0e10cSrcweir+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ 3292*cdf0e10cSrcweir+ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ 3293*cdf0e10cSrcweir+ 3294*cdf0e10cSrcweir+ xmlSecNameKWDes3, /* const xmlChar* name; */ 3295*cdf0e10cSrcweir+ xmlSecHrefKWDes3, /* const xmlChar* href; */ 3296*cdf0e10cSrcweir+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ 3297*cdf0e10cSrcweir+ 3298*cdf0e10cSrcweir+ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ 3299*cdf0e10cSrcweir+ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ 3300*cdf0e10cSrcweir+ NULL, /* xmlSecTransformNodeReadMethod readNode; */ 3301*cdf0e10cSrcweir+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ 3302*cdf0e10cSrcweir+ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ 3303*cdf0e10cSrcweir+ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ 3304*cdf0e10cSrcweir+ NULL, /* xmlSecTransformValidateMethod validate; */ 3305*cdf0e10cSrcweir+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ 3306*cdf0e10cSrcweir+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ 3307*cdf0e10cSrcweir+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ 3308*cdf0e10cSrcweir+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ 3309*cdf0e10cSrcweir+ NULL, /* xmlSecTransformPopXmlMethod popXml; */ 3310*cdf0e10cSrcweir+ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ 3311*cdf0e10cSrcweir+ 3312*cdf0e10cSrcweir+ NULL, /* void* reserved0; */ 3313*cdf0e10cSrcweir+ NULL, /* void* reserved1; */ 3314*cdf0e10cSrcweir+}; 3315*cdf0e10cSrcweir+ 3316*cdf0e10cSrcweir+/** 3317*cdf0e10cSrcweir+ * xmlSecNssTransformKWDes3GetKlass: 3318*cdf0e10cSrcweir+ * 3319*cdf0e10cSrcweir+ * The Triple DES key wrapper transform klass. 3320*cdf0e10cSrcweir+ * 3321*cdf0e10cSrcweir+ * Returns Triple DES key wrapper transform klass. 3322*cdf0e10cSrcweir+ */ 3323*cdf0e10cSrcweir+xmlSecTransformId 3324*cdf0e10cSrcweir+xmlSecNssTransformKWDes3GetKlass(void) { 3325*cdf0e10cSrcweir+ return(&xmlSecNssKWDes3Klass); 3326*cdf0e10cSrcweir+} 3327*cdf0e10cSrcweir+ 3328*cdf0e10cSrcweir+#endif /* XMLSEC_NO_DES */ 3329*cdf0e10cSrcweir+ 3330*cdf0e10cSrcweir--- misc/xmlsec1-1.2.14/src/nss/pkikeys.c 2009-06-25 22:53:18.000000000 +0200 3331*cdf0e10cSrcweir+++ misc/build/xmlsec1-1.2.14/src/nss/pkikeys.c 2009-09-21 14:02:48.657352624 +0200 3332*cdf0e10cSrcweir@@ -24,6 +24,7 @@ 3333*cdf0e10cSrcweir #include <xmlsec/nss/crypto.h> 3334*cdf0e10cSrcweir #include <xmlsec/nss/bignum.h> 3335*cdf0e10cSrcweir #include <xmlsec/nss/pkikeys.h> 3336*cdf0e10cSrcweir+#include <xmlsec/nss/tokens.h> 3337*cdf0e10cSrcweir 3338*cdf0e10cSrcweir /************************************************************************** 3339*cdf0e10cSrcweir * 3340*cdf0e10cSrcweir@@ -115,6 +116,8 @@ 3341*cdf0e10cSrcweir xmlSecNssPKIKeyDataCtxPtr ctxSrc) 3342*cdf0e10cSrcweir { 3343*cdf0e10cSrcweir xmlSecNSSPKIKeyDataCtxFree(ctxDst); 3344*cdf0e10cSrcweir+ ctxDst->privkey = NULL ; 3345*cdf0e10cSrcweir+ ctxDst->pubkey = NULL ; 3346*cdf0e10cSrcweir if (ctxSrc->privkey != NULL) { 3347*cdf0e10cSrcweir ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey); 3348*cdf0e10cSrcweir if(ctxDst->privkey == NULL) { 3349*cdf0e10cSrcweir@@ -588,13 +591,13 @@ 3350*cdf0e10cSrcweir goto done; 3351*cdf0e10cSrcweir } 3352*cdf0e10cSrcweir 3353*cdf0e10cSrcweir- slot = PK11_GetBestSlot(CKM_DSA, NULL); 3354*cdf0e10cSrcweir+ slot = xmlSecNssSlotGet(CKM_DSA); 3355*cdf0e10cSrcweir if(slot == NULL) { 3356*cdf0e10cSrcweir xmlSecError(XMLSEC_ERRORS_HERE, 3357*cdf0e10cSrcweir xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 3358*cdf0e10cSrcweir- "PK11_GetBestSlot", 3359*cdf0e10cSrcweir+ "xmlSecNssSlotGet", 3360*cdf0e10cSrcweir XMLSEC_ERRORS_R_CRYPTO_FAILED, 3361*cdf0e10cSrcweir- XMLSEC_ERRORS_NO_MESSAGE); 3362*cdf0e10cSrcweir+ "error code=%d", PORT_GetError()); 3363*cdf0e10cSrcweir ret = -1; 3364*cdf0e10cSrcweir goto done; 3365*cdf0e10cSrcweir } 3366*cdf0e10cSrcweir@@ -792,14 +795,14 @@ 3367*cdf0e10cSrcweir if (slot != NULL) { 3368*cdf0e10cSrcweir PK11_FreeSlot(slot); 3369*cdf0e10cSrcweir } 3370*cdf0e10cSrcweir- if (ret != 0) { 3371*cdf0e10cSrcweir+ 3372*cdf0e10cSrcweir if (pubkey != NULL) { 3373*cdf0e10cSrcweir SECKEY_DestroyPublicKey(pubkey); 3374*cdf0e10cSrcweir } 3375*cdf0e10cSrcweir if (data != NULL) { 3376*cdf0e10cSrcweir xmlSecKeyDataDestroy(data); 3377*cdf0e10cSrcweir } 3378*cdf0e10cSrcweir- } 3379*cdf0e10cSrcweir+ 3380*cdf0e10cSrcweir return(ret); 3381*cdf0e10cSrcweir } 3382*cdf0e10cSrcweir 3383*cdf0e10cSrcweir@@ -818,7 +821,7 @@ 3384*cdf0e10cSrcweir 3385*cdf0e10cSrcweir ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key)); 3386*cdf0e10cSrcweir xmlSecAssert2(ctx != NULL, -1); 3387*cdf0e10cSrcweir- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1); 3388*cdf0e10cSrcweir+/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/ 3389*cdf0e10cSrcweir 3390*cdf0e10cSrcweir if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) { 3391*cdf0e10cSrcweir /* we can have only private key or public key */ 3392*cdf0e10cSrcweir@@ -940,7 +943,8 @@ 3393*cdf0e10cSrcweir xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), 3394*cdf0e10cSrcweir "PK11_PQG_ParamGen", 3395*cdf0e10cSrcweir XMLSEC_ERRORS_R_CRYPTO_FAILED, 3396*cdf0e10cSrcweir- "size=%d", sizeBits); 3397*cdf0e10cSrcweir+ "size=%d, error code=%d", sizeBits, PORT_GetError()); 3398*cdf0e10cSrcweir+ ret = -1; 3399*cdf0e10cSrcweir goto done; 3400*cdf0e10cSrcweir } 3401*cdf0e10cSrcweir 3402*cdf0e10cSrcweir@@ -950,11 +954,12 @@ 3403*cdf0e10cSrcweir xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), 3404*cdf0e10cSrcweir "PK11_PQG_VerifyParams", 3405*cdf0e10cSrcweir XMLSEC_ERRORS_R_CRYPTO_FAILED, 3406*cdf0e10cSrcweir- "size=%d", sizeBits); 3407*cdf0e10cSrcweir+ "size=%d, error code=%d", sizeBits, PORT_GetError()); 3408*cdf0e10cSrcweir+ ret = -1; 3409*cdf0e10cSrcweir goto done; 3410*cdf0e10cSrcweir } 3411*cdf0e10cSrcweir 3412*cdf0e10cSrcweir- slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL); 3413*cdf0e10cSrcweir+ slot = xmlSecNssSlotGet(CKM_DSA_KEY_PAIR_GEN); 3414*cdf0e10cSrcweir PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */); 3415*cdf0e10cSrcweir privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams, 3416*cdf0e10cSrcweir &pubkey, PR_FALSE, PR_TRUE, NULL); 3417*cdf0e10cSrcweir@@ -964,8 +969,9 @@ 3418*cdf0e10cSrcweir xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), 3419*cdf0e10cSrcweir "PK11_GenerateKeyPair", 3420*cdf0e10cSrcweir XMLSEC_ERRORS_R_CRYPTO_FAILED, 3421*cdf0e10cSrcweir- XMLSEC_ERRORS_NO_MESSAGE); 3422*cdf0e10cSrcweir+ "error code=%d", PORT_GetError()); 3423*cdf0e10cSrcweir 3424*cdf0e10cSrcweir+ ret = -1; 3425*cdf0e10cSrcweir goto done; 3426*cdf0e10cSrcweir } 3427*cdf0e10cSrcweir 3428*cdf0e10cSrcweir@@ -979,6 +985,8 @@ 3429*cdf0e10cSrcweir goto done; 3430*cdf0e10cSrcweir } 3431*cdf0e10cSrcweir 3432*cdf0e10cSrcweir+ privkey = NULL ; 3433*cdf0e10cSrcweir+ pubkey = NULL ; 3434*cdf0e10cSrcweir ret = 0; 3435*cdf0e10cSrcweir 3436*cdf0e10cSrcweir done: 3437*cdf0e10cSrcweir@@ -991,16 +999,13 @@ 3438*cdf0e10cSrcweir if (pqgVerify != NULL) { 3439*cdf0e10cSrcweir PK11_PQG_DestroyVerify(pqgVerify); 3440*cdf0e10cSrcweir } 3441*cdf0e10cSrcweir- if (ret == 0) { 3442*cdf0e10cSrcweir- return (0); 3443*cdf0e10cSrcweir- } 3444*cdf0e10cSrcweir if (pubkey != NULL) { 3445*cdf0e10cSrcweir SECKEY_DestroyPublicKey(pubkey); 3446*cdf0e10cSrcweir } 3447*cdf0e10cSrcweir if (privkey != NULL) { 3448*cdf0e10cSrcweir SECKEY_DestroyPrivateKey(privkey); 3449*cdf0e10cSrcweir } 3450*cdf0e10cSrcweir- return(-1); 3451*cdf0e10cSrcweir+ return(ret); 3452*cdf0e10cSrcweir } 3453*cdf0e10cSrcweir 3454*cdf0e10cSrcweir static xmlSecKeyDataType 3455*cdf0e10cSrcweir@@ -1010,10 +1015,10 @@ 3456*cdf0e10cSrcweir xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), xmlSecKeyDataTypeUnknown); 3457*cdf0e10cSrcweir ctx = xmlSecNssPKIKeyDataGetCtx(data); 3458*cdf0e10cSrcweir xmlSecAssert2(ctx != NULL, -1); 3459*cdf0e10cSrcweir- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1); 3460*cdf0e10cSrcweir+/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/ 3461*cdf0e10cSrcweir if (ctx->privkey != NULL) { 3462*cdf0e10cSrcweir return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic); 3463*cdf0e10cSrcweir- } else { 3464*cdf0e10cSrcweir+ } else if( ctx->pubkey != NULL ) { 3465*cdf0e10cSrcweir return(xmlSecKeyDataTypePublic); 3466*cdf0e10cSrcweir } 3467*cdf0e10cSrcweir 3468*cdf0e10cSrcweir@@ -1027,7 +1032,7 @@ 3469*cdf0e10cSrcweir xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), 0); 3470*cdf0e10cSrcweir ctx = xmlSecNssPKIKeyDataGetCtx(data); 3471*cdf0e10cSrcweir xmlSecAssert2(ctx != NULL, -1); 3472*cdf0e10cSrcweir- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1); 3473*cdf0e10cSrcweir+/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/ 3474*cdf0e10cSrcweir 3475*cdf0e10cSrcweir return(8 * SECKEY_PublicKeyStrength(ctx->pubkey)); 3476*cdf0e10cSrcweir } 3477*cdf0e10cSrcweir@@ -1216,13 +1221,13 @@ 3478*cdf0e10cSrcweir goto done; 3479*cdf0e10cSrcweir } 3480*cdf0e10cSrcweir 3481*cdf0e10cSrcweir- slot = PK11_GetBestSlot(CKM_RSA_PKCS, NULL); 3482*cdf0e10cSrcweir+ slot = xmlSecNssSlotGet(CKM_RSA_PKCS); 3483*cdf0e10cSrcweir if(slot == NULL) { 3484*cdf0e10cSrcweir xmlSecError(XMLSEC_ERRORS_HERE, 3485*cdf0e10cSrcweir xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 3486*cdf0e10cSrcweir- "PK11_GetBestSlot", 3487*cdf0e10cSrcweir+ "xmlSecNssSlotGet", 3488*cdf0e10cSrcweir XMLSEC_ERRORS_R_CRYPTO_FAILED, 3489*cdf0e10cSrcweir- XMLSEC_ERRORS_NO_MESSAGE); 3490*cdf0e10cSrcweir+ "error code=%d", PORT_GetError()); 3491*cdf0e10cSrcweir ret = -1; 3492*cdf0e10cSrcweir goto done; 3493*cdf0e10cSrcweir } 3494*cdf0e10cSrcweir@@ -1384,7 +1389,7 @@ 3495*cdf0e10cSrcweir 3496*cdf0e10cSrcweir ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key)); 3497*cdf0e10cSrcweir xmlSecAssert2(ctx != NULL, -1); 3498*cdf0e10cSrcweir- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1); 3499*cdf0e10cSrcweir+/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/ 3500*cdf0e10cSrcweir 3501*cdf0e10cSrcweir 3502*cdf0e10cSrcweir if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) { 3503*cdf0e10cSrcweir@@ -1455,7 +1460,7 @@ 3504*cdf0e10cSrcweir params.keySizeInBits = sizeBits; 3505*cdf0e10cSrcweir params.pe = 65537; 3506*cdf0e10cSrcweir 3507*cdf0e10cSrcweir- slot = PK11_GetBestSlot(CKM_RSA_PKCS_KEY_PAIR_GEN, NULL); 3508*cdf0e10cSrcweir+ slot = xmlSecNssSlotGet(CKM_RSA_PKCS_KEY_PAIR_GEN); 3509*cdf0e10cSrcweir PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */); 3510*cdf0e10cSrcweir privkey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, ¶ms, 3511*cdf0e10cSrcweir &pubkey, PR_FALSE, PR_TRUE, NULL); 3512*cdf0e10cSrcweir@@ -1525,7 +1530,7 @@ 3513*cdf0e10cSrcweir 3514*cdf0e10cSrcweir ctx = xmlSecNssPKIKeyDataGetCtx(data); 3515*cdf0e10cSrcweir xmlSecAssert2(ctx != NULL, -1); 3516*cdf0e10cSrcweir- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1); 3517*cdf0e10cSrcweir+/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/ 3518*cdf0e10cSrcweir 3519*cdf0e10cSrcweir return(8 * SECKEY_PublicKeyStrength(ctx->pubkey)); 3520*cdf0e10cSrcweir } 3521*cdf0e10cSrcweir--- misc/xmlsec1-1.2.14/src/nss/symkeys.c 2009-06-25 22:53:18.000000000 +0200 3522*cdf0e10cSrcweir+++ misc/build/xmlsec1-1.2.14/src/nss/symkeys.c 2009-09-21 14:02:48.620574832 +0200 3523*cdf0e10cSrcweir@@ -15,20 +15,41 @@ 3524*cdf0e10cSrcweir #include <stdio.h> 3525*cdf0e10cSrcweir #include <string.h> 3526*cdf0e10cSrcweir 3527*cdf0e10cSrcweir+#include <pk11func.h> 3528*cdf0e10cSrcweir+#include <nss.h> 3529*cdf0e10cSrcweir+ 3530*cdf0e10cSrcweir #include <xmlsec/xmlsec.h> 3531*cdf0e10cSrcweir #include <xmlsec/xmltree.h> 3532*cdf0e10cSrcweir+#include <xmlsec/base64.h> 3533*cdf0e10cSrcweir #include <xmlsec/keys.h> 3534*cdf0e10cSrcweir #include <xmlsec/keyinfo.h> 3535*cdf0e10cSrcweir #include <xmlsec/transforms.h> 3536*cdf0e10cSrcweir #include <xmlsec/errors.h> 3537*cdf0e10cSrcweir 3538*cdf0e10cSrcweir #include <xmlsec/nss/crypto.h> 3539*cdf0e10cSrcweir+#include <xmlsec/nss/ciphers.h> 3540*cdf0e10cSrcweir+#include <xmlsec/nss/tokens.h> 3541*cdf0e10cSrcweir 3542*cdf0e10cSrcweir /***************************************************************************** 3543*cdf0e10cSrcweir * 3544*cdf0e10cSrcweir- * Symmetic (binary) keys - just a wrapper for xmlSecKeyDataBinary 3545*cdf0e10cSrcweir+ * Symmetic (binary) keys - a wrapper over slot information and PK11SymKey 3546*cdf0e10cSrcweir * 3547*cdf0e10cSrcweir ****************************************************************************/ 3548*cdf0e10cSrcweir+typedef struct _xmlSecNssSymKeyDataCtx xmlSecNssSymKeyDataCtx ; 3549*cdf0e10cSrcweir+typedef struct _xmlSecNssSymKeyDataCtx* xmlSecNssSymKeyDataCtxPtr ; 3550*cdf0e10cSrcweir+ 3551*cdf0e10cSrcweir+struct _xmlSecNssSymKeyDataCtx { 3552*cdf0e10cSrcweir+ CK_MECHANISM_TYPE cipher ; /* the symmetic key mechanism */ 3553*cdf0e10cSrcweir+ PK11SlotInfo* slot ; /* the key resident slot */ 3554*cdf0e10cSrcweir+ PK11SymKey* symkey ; /* the symmetic key */ 3555*cdf0e10cSrcweir+} ; 3556*cdf0e10cSrcweir+ 3557*cdf0e10cSrcweir+#define xmlSecNssSymKeyDataSize \ 3558*cdf0e10cSrcweir+ ( sizeof( xmlSecKeyData ) + sizeof( xmlSecNssSymKeyDataCtx ) ) 3559*cdf0e10cSrcweir+ 3560*cdf0e10cSrcweir+#define xmlSecNssSymKeyDataGetCtx( data ) \ 3561*cdf0e10cSrcweir+ ( ( xmlSecNssSymKeyDataCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyData ) ) ) 3562*cdf0e10cSrcweir+ 3563*cdf0e10cSrcweir static int xmlSecNssSymKeyDataInitialize (xmlSecKeyDataPtr data); 3564*cdf0e10cSrcweir static int xmlSecNssSymKeyDataDuplicate (xmlSecKeyDataPtr dst, 3565*cdf0e10cSrcweir xmlSecKeyDataPtr src); 3566*cdf0e10cSrcweir@@ -67,107 +88,743 @@ 3567*cdf0e10cSrcweir (xmlSecKeyDataIsValid((data)) && \ 3568*cdf0e10cSrcweir xmlSecNssSymKeyDataKlassCheck((data)->id)) 3569*cdf0e10cSrcweir 3570*cdf0e10cSrcweir+/** 3571*cdf0e10cSrcweir+ * xmlSecNssSymKeyDataAdoptKey: 3572*cdf0e10cSrcweir+ * @data: the pointer to symmetric key data. 3573*cdf0e10cSrcweir+ * @symkey: the symmetric key 3574*cdf0e10cSrcweir+ * 3575*cdf0e10cSrcweir+ * Set the value of symmetric key data. 3576*cdf0e10cSrcweir+ * 3577*cdf0e10cSrcweir+ * Returns 0 on success or a negative value if an error occurs. 3578*cdf0e10cSrcweir+ */ 3579*cdf0e10cSrcweir+int 3580*cdf0e10cSrcweir+xmlSecNssSymKeyDataAdoptKey( 3581*cdf0e10cSrcweir+ xmlSecKeyDataPtr data , 3582*cdf0e10cSrcweir+ PK11SymKey* symkey 3583*cdf0e10cSrcweir+) { 3584*cdf0e10cSrcweir+ xmlSecNssSymKeyDataCtxPtr context = NULL ; 3585*cdf0e10cSrcweir+ 3586*cdf0e10cSrcweir+ xmlSecAssert2( xmlSecNssSymKeyDataCheckId( data ), -1 ) ; 3587*cdf0e10cSrcweir+ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), -1 ) ; 3588*cdf0e10cSrcweir+ xmlSecAssert2( symkey != NULL, -1 ) ; 3589*cdf0e10cSrcweir+ 3590*cdf0e10cSrcweir+ context = xmlSecNssSymKeyDataGetCtx( data ) ; 3591*cdf0e10cSrcweir+ xmlSecAssert2(context != NULL, -1); 3592*cdf0e10cSrcweir+ 3593*cdf0e10cSrcweir+ context->cipher = PK11_GetMechanism( symkey ) ; 3594*cdf0e10cSrcweir+ 3595*cdf0e10cSrcweir+ if( context->slot != NULL ) { 3596*cdf0e10cSrcweir+ PK11_FreeSlot( context->slot ) ; 3597*cdf0e10cSrcweir+ context->slot = NULL ; 3598*cdf0e10cSrcweir+ } 3599*cdf0e10cSrcweir+ context->slot = PK11_GetSlotFromKey( symkey ) ; 3600*cdf0e10cSrcweir+ 3601*cdf0e10cSrcweir+ if( context->symkey != NULL ) { 3602*cdf0e10cSrcweir+ PK11_FreeSymKey( context->symkey ) ; 3603*cdf0e10cSrcweir+ context->symkey = NULL ; 3604*cdf0e10cSrcweir+ } 3605*cdf0e10cSrcweir+ context->symkey = PK11_ReferenceSymKey( symkey ) ; 3606*cdf0e10cSrcweir+ 3607*cdf0e10cSrcweir+ return 0 ; 3608*cdf0e10cSrcweir+} 3609*cdf0e10cSrcweir+ 3610*cdf0e10cSrcweir+xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt( 3611*cdf0e10cSrcweir+ PK11SymKey* symKey 3612*cdf0e10cSrcweir+) { 3613*cdf0e10cSrcweir+ xmlSecKeyDataPtr data = NULL ; 3614*cdf0e10cSrcweir+ CK_MECHANISM_TYPE mechanism = CKM_INVALID_MECHANISM ; 3615*cdf0e10cSrcweir+ 3616*cdf0e10cSrcweir+ xmlSecAssert2( symKey != NULL , NULL ) ; 3617*cdf0e10cSrcweir+ 3618*cdf0e10cSrcweir+ mechanism = PK11_GetMechanism( symKey ) ; 3619*cdf0e10cSrcweir+ switch( mechanism ) { 3620*cdf0e10cSrcweir+ case CKM_DES3_KEY_GEN : 3621*cdf0e10cSrcweir+ case CKM_DES3_CBC : 3622*cdf0e10cSrcweir+ case CKM_DES3_MAC : 3623*cdf0e10cSrcweir+ data = xmlSecKeyDataCreate( xmlSecNssKeyDataDesId ) ; 3624*cdf0e10cSrcweir+ if( data == NULL ) { 3625*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 3626*cdf0e10cSrcweir+ NULL , 3627*cdf0e10cSrcweir+ "xmlSecKeyDataCreate" , 3628*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 3629*cdf0e10cSrcweir+ "xmlSecNssKeyDataDesId" ) ; 3630*cdf0e10cSrcweir+ return NULL ; 3631*cdf0e10cSrcweir+ } 3632*cdf0e10cSrcweir+ break ; 3633*cdf0e10cSrcweir+ case CKM_AES_KEY_GEN : 3634*cdf0e10cSrcweir+ case CKM_AES_CBC : 3635*cdf0e10cSrcweir+ case CKM_AES_MAC : 3636*cdf0e10cSrcweir+ data = xmlSecKeyDataCreate( xmlSecNssKeyDataAesId ) ; 3637*cdf0e10cSrcweir+ if( data == NULL ) { 3638*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 3639*cdf0e10cSrcweir+ NULL , 3640*cdf0e10cSrcweir+ "xmlSecKeyDataCreate" , 3641*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 3642*cdf0e10cSrcweir+ "xmlSecNssKeyDataDesId" ) ; 3643*cdf0e10cSrcweir+ return NULL ; 3644*cdf0e10cSrcweir+ } 3645*cdf0e10cSrcweir+ break ; 3646*cdf0e10cSrcweir+ default : 3647*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 3648*cdf0e10cSrcweir+ NULL , 3649*cdf0e10cSrcweir+ NULL , 3650*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 3651*cdf0e10cSrcweir+ "Unsupported mechanism" ) ; 3652*cdf0e10cSrcweir+ return NULL ; 3653*cdf0e10cSrcweir+ } 3654*cdf0e10cSrcweir+ 3655*cdf0e10cSrcweir+ if( xmlSecNssSymKeyDataAdoptKey( data , symKey ) < 0 ) { 3656*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 3657*cdf0e10cSrcweir+ NULL , 3658*cdf0e10cSrcweir+ "xmlSecNssSymKeyDataAdoptKey" , 3659*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 3660*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 3661*cdf0e10cSrcweir+ 3662*cdf0e10cSrcweir+ xmlSecKeyDataDestroy( data ) ; 3663*cdf0e10cSrcweir+ return NULL ; 3664*cdf0e10cSrcweir+ } 3665*cdf0e10cSrcweir+ 3666*cdf0e10cSrcweir+ return data ; 3667*cdf0e10cSrcweir+} 3668*cdf0e10cSrcweir+ 3669*cdf0e10cSrcweir+ 3670*cdf0e10cSrcweir+PK11SymKey* 3671*cdf0e10cSrcweir+xmlSecNssSymKeyDataGetKey( 3672*cdf0e10cSrcweir+ xmlSecKeyDataPtr data 3673*cdf0e10cSrcweir+) { 3674*cdf0e10cSrcweir+ xmlSecNssSymKeyDataCtxPtr ctx; 3675*cdf0e10cSrcweir+ PK11SymKey* symkey ; 3676*cdf0e10cSrcweir+ 3677*cdf0e10cSrcweir+ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), NULL); 3678*cdf0e10cSrcweir+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), NULL); 3679*cdf0e10cSrcweir+ 3680*cdf0e10cSrcweir+ ctx = xmlSecNssSymKeyDataGetCtx(data); 3681*cdf0e10cSrcweir+ xmlSecAssert2(ctx != NULL, NULL); 3682*cdf0e10cSrcweir+ 3683*cdf0e10cSrcweir+ if( ctx->symkey != NULL ) { 3684*cdf0e10cSrcweir+ symkey = PK11_ReferenceSymKey( ctx->symkey ) ; 3685*cdf0e10cSrcweir+ } else { 3686*cdf0e10cSrcweir+ symkey = NULL ; 3687*cdf0e10cSrcweir+ } 3688*cdf0e10cSrcweir+ 3689*cdf0e10cSrcweir+ return(symkey); 3690*cdf0e10cSrcweir+} 3691*cdf0e10cSrcweir+ 3692*cdf0e10cSrcweir static int 3693*cdf0e10cSrcweir xmlSecNssSymKeyDataInitialize(xmlSecKeyDataPtr data) { 3694*cdf0e10cSrcweir+ xmlSecNssSymKeyDataCtxPtr ctx; 3695*cdf0e10cSrcweir+ 3696*cdf0e10cSrcweir xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1); 3697*cdf0e10cSrcweir- 3698*cdf0e10cSrcweir- return(xmlSecKeyDataBinaryValueInitialize(data)); 3699*cdf0e10cSrcweir+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), -1); 3700*cdf0e10cSrcweir+ 3701*cdf0e10cSrcweir+ ctx = xmlSecNssSymKeyDataGetCtx(data); 3702*cdf0e10cSrcweir+ xmlSecAssert2(ctx != NULL, -1); 3703*cdf0e10cSrcweir+ 3704*cdf0e10cSrcweir+ memset( ctx, 0, sizeof(xmlSecNssSymKeyDataCtx)); 3705*cdf0e10cSrcweir+ 3706*cdf0e10cSrcweir+ /* Set the block cipher mechanism */ 3707*cdf0e10cSrcweir+#ifndef XMLSEC_NO_DES 3708*cdf0e10cSrcweir+ if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) { 3709*cdf0e10cSrcweir+ ctx->cipher = CKM_DES3_KEY_GEN; 3710*cdf0e10cSrcweir+ } else 3711*cdf0e10cSrcweir+#endif /* XMLSEC_NO_DES */ 3712*cdf0e10cSrcweir+ 3713*cdf0e10cSrcweir+#ifndef XMLSEC_NO_AES 3714*cdf0e10cSrcweir+ if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) { 3715*cdf0e10cSrcweir+ ctx->cipher = CKM_AES_KEY_GEN; 3716*cdf0e10cSrcweir+ } else 3717*cdf0e10cSrcweir+#endif /* XMLSEC_NO_AES */ 3718*cdf0e10cSrcweir+ 3719*cdf0e10cSrcweir+ if(1) { 3720*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 3721*cdf0e10cSrcweir+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), 3722*cdf0e10cSrcweir+ NULL , 3723*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 3724*cdf0e10cSrcweir+ "Unsupported block cipher" ) ; 3725*cdf0e10cSrcweir+ return(-1) ; 3726*cdf0e10cSrcweir+ } 3727*cdf0e10cSrcweir+ 3728*cdf0e10cSrcweir+ return(0); 3729*cdf0e10cSrcweir } 3730*cdf0e10cSrcweir 3731*cdf0e10cSrcweir static int 3732*cdf0e10cSrcweir xmlSecNssSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { 3733*cdf0e10cSrcweir+ xmlSecNssSymKeyDataCtxPtr ctxDst; 3734*cdf0e10cSrcweir+ xmlSecNssSymKeyDataCtxPtr ctxSrc; 3735*cdf0e10cSrcweir+ 3736*cdf0e10cSrcweir xmlSecAssert2(xmlSecNssSymKeyDataCheckId(dst), -1); 3737*cdf0e10cSrcweir+ xmlSecAssert2(xmlSecKeyDataCheckSize(dst, xmlSecNssSymKeyDataSize), -1); 3738*cdf0e10cSrcweir xmlSecAssert2(xmlSecNssSymKeyDataCheckId(src), -1); 3739*cdf0e10cSrcweir+ xmlSecAssert2(xmlSecKeyDataCheckSize(src, xmlSecNssSymKeyDataSize), -1); 3740*cdf0e10cSrcweir xmlSecAssert2(dst->id == src->id, -1); 3741*cdf0e10cSrcweir- 3742*cdf0e10cSrcweir- return(xmlSecKeyDataBinaryValueDuplicate(dst, src)); 3743*cdf0e10cSrcweir+ 3744*cdf0e10cSrcweir+ ctxDst = xmlSecNssSymKeyDataGetCtx(dst); 3745*cdf0e10cSrcweir+ xmlSecAssert2(ctxDst != NULL, -1); 3746*cdf0e10cSrcweir+ 3747*cdf0e10cSrcweir+ ctxSrc = xmlSecNssSymKeyDataGetCtx(src); 3748*cdf0e10cSrcweir+ xmlSecAssert2(ctxSrc != NULL, -1); 3749*cdf0e10cSrcweir+ 3750*cdf0e10cSrcweir+ ctxDst->cipher = ctxSrc->cipher ; 3751*cdf0e10cSrcweir+ 3752*cdf0e10cSrcweir+ if( ctxSrc->slot != NULL ) { 3753*cdf0e10cSrcweir+ if( ctxDst->slot != NULL && ctxDst->slot != ctxSrc->slot ) { 3754*cdf0e10cSrcweir+ PK11_FreeSlot( ctxDst->slot ) ; 3755*cdf0e10cSrcweir+ ctxDst->slot = NULL ; 3756*cdf0e10cSrcweir+ } 3757*cdf0e10cSrcweir+ 3758*cdf0e10cSrcweir+ if( ctxDst->slot == NULL && ctxSrc->slot != NULL ) 3759*cdf0e10cSrcweir+ ctxDst->slot = PK11_ReferenceSlot( ctxSrc->slot ) ; 3760*cdf0e10cSrcweir+ } else { 3761*cdf0e10cSrcweir+ if( ctxDst->slot != NULL ) { 3762*cdf0e10cSrcweir+ PK11_FreeSlot( ctxDst->slot ) ; 3763*cdf0e10cSrcweir+ ctxDst->slot = NULL ; 3764*cdf0e10cSrcweir+ } 3765*cdf0e10cSrcweir+ } 3766*cdf0e10cSrcweir+ 3767*cdf0e10cSrcweir+ if( ctxSrc->symkey != NULL ) { 3768*cdf0e10cSrcweir+ if( ctxDst->symkey != NULL && ctxDst->symkey != ctxSrc->symkey ) { 3769*cdf0e10cSrcweir+ PK11_FreeSymKey( ctxDst->symkey ) ; 3770*cdf0e10cSrcweir+ ctxDst->symkey = NULL ; 3771*cdf0e10cSrcweir+ } 3772*cdf0e10cSrcweir+ 3773*cdf0e10cSrcweir+ if( ctxDst->symkey == NULL && ctxSrc->symkey != NULL ) 3774*cdf0e10cSrcweir+ ctxDst->symkey = PK11_ReferenceSymKey( ctxSrc->symkey ) ; 3775*cdf0e10cSrcweir+ } else { 3776*cdf0e10cSrcweir+ if( ctxDst->symkey != NULL ) { 3777*cdf0e10cSrcweir+ PK11_FreeSymKey( ctxDst->symkey ) ; 3778*cdf0e10cSrcweir+ ctxDst->symkey = NULL ; 3779*cdf0e10cSrcweir+ } 3780*cdf0e10cSrcweir+ } 3781*cdf0e10cSrcweir+ 3782*cdf0e10cSrcweir+ return(0); 3783*cdf0e10cSrcweir } 3784*cdf0e10cSrcweir 3785*cdf0e10cSrcweir static void 3786*cdf0e10cSrcweir xmlSecNssSymKeyDataFinalize(xmlSecKeyDataPtr data) { 3787*cdf0e10cSrcweir+ xmlSecNssSymKeyDataCtxPtr ctx; 3788*cdf0e10cSrcweir+ 3789*cdf0e10cSrcweir xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); 3790*cdf0e10cSrcweir- 3791*cdf0e10cSrcweir- xmlSecKeyDataBinaryValueFinalize(data); 3792*cdf0e10cSrcweir+ xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize)); 3793*cdf0e10cSrcweir+ 3794*cdf0e10cSrcweir+ ctx = xmlSecNssSymKeyDataGetCtx(data); 3795*cdf0e10cSrcweir+ xmlSecAssert(ctx != NULL); 3796*cdf0e10cSrcweir+ 3797*cdf0e10cSrcweir+ if( ctx->slot != NULL ) { 3798*cdf0e10cSrcweir+ PK11_FreeSlot( ctx->slot ) ; 3799*cdf0e10cSrcweir+ ctx->slot = NULL ; 3800*cdf0e10cSrcweir+ } 3801*cdf0e10cSrcweir+ 3802*cdf0e10cSrcweir+ if( ctx->symkey != NULL ) { 3803*cdf0e10cSrcweir+ PK11_FreeSymKey( ctx->symkey ) ; 3804*cdf0e10cSrcweir+ ctx->symkey = NULL ; 3805*cdf0e10cSrcweir+ } 3806*cdf0e10cSrcweir+ 3807*cdf0e10cSrcweir+ ctx->cipher = CKM_INVALID_MECHANISM ; 3808*cdf0e10cSrcweir } 3809*cdf0e10cSrcweir 3810*cdf0e10cSrcweir static int 3811*cdf0e10cSrcweir xmlSecNssSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, 3812*cdf0e10cSrcweir xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { 3813*cdf0e10cSrcweir- xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); 3814*cdf0e10cSrcweir+ PK11SymKey* symKey ; 3815*cdf0e10cSrcweir+ PK11SlotInfo* slot ; 3816*cdf0e10cSrcweir+ xmlSecBufferPtr keyBuf; 3817*cdf0e10cSrcweir+ xmlSecSize len; 3818*cdf0e10cSrcweir+ xmlSecKeyDataPtr data; 3819*cdf0e10cSrcweir+ xmlSecNssSymKeyDataCtxPtr ctx; 3820*cdf0e10cSrcweir+ SECItem keyItem ; 3821*cdf0e10cSrcweir+ int ret; 3822*cdf0e10cSrcweir+ 3823*cdf0e10cSrcweir+ xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1); 3824*cdf0e10cSrcweir+ xmlSecAssert2(key != NULL, -1); 3825*cdf0e10cSrcweir+ xmlSecAssert2(node != NULL, -1); 3826*cdf0e10cSrcweir+ xmlSecAssert2(keyInfoCtx != NULL, -1); 3827*cdf0e10cSrcweir+ 3828*cdf0e10cSrcweir+ /* Create a new KeyData from a id */ 3829*cdf0e10cSrcweir+ data = xmlSecKeyDataCreate(id); 3830*cdf0e10cSrcweir+ if(data == NULL ) { 3831*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 3832*cdf0e10cSrcweir+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 3833*cdf0e10cSrcweir+ "xmlSecKeyDataCreate", 3834*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 3835*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE); 3836*cdf0e10cSrcweir+ return(-1); 3837*cdf0e10cSrcweir+ } 3838*cdf0e10cSrcweir+ 3839*cdf0e10cSrcweir+ ctx = xmlSecNssSymKeyDataGetCtx(data); 3840*cdf0e10cSrcweir+ xmlSecAssert2(ctx != NULL, -1); 3841*cdf0e10cSrcweir+ 3842*cdf0e10cSrcweir+ /* Create a buffer for raw symmetric key value */ 3843*cdf0e10cSrcweir+ if( ( keyBuf = xmlSecBufferCreate( 128 ) ) == NULL ) { 3844*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 3845*cdf0e10cSrcweir+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 3846*cdf0e10cSrcweir+ "xmlSecBufferCreate" , 3847*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 3848*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 3849*cdf0e10cSrcweir+ xmlSecKeyDataDestroy( data ) ; 3850*cdf0e10cSrcweir+ return(-1) ; 3851*cdf0e10cSrcweir+ } 3852*cdf0e10cSrcweir+ 3853*cdf0e10cSrcweir+ /* Read the raw key value */ 3854*cdf0e10cSrcweir+ if( xmlSecBufferBase64NodeContentRead( keyBuf , node ) < 0 ) { 3855*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 3856*cdf0e10cSrcweir+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 3857*cdf0e10cSrcweir+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)), 3858*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 3859*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 3860*cdf0e10cSrcweir+ 3861*cdf0e10cSrcweir+ xmlSecBufferDestroy( keyBuf ) ; 3862*cdf0e10cSrcweir+ xmlSecKeyDataDestroy( data ) ; 3863*cdf0e10cSrcweir+ return(-1) ; 3864*cdf0e10cSrcweir+ } 3865*cdf0e10cSrcweir+ 3866*cdf0e10cSrcweir+ /* Get slot */ 3867*cdf0e10cSrcweir+ slot = xmlSecNssSlotGet(ctx->cipher); 3868*cdf0e10cSrcweir+ if( slot == NULL ) { 3869*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 3870*cdf0e10cSrcweir+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 3871*cdf0e10cSrcweir+ "xmlSecNssSlotGet" , 3872*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 3873*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 3874*cdf0e10cSrcweir+ 3875*cdf0e10cSrcweir+ xmlSecBufferDestroy( keyBuf ) ; 3876*cdf0e10cSrcweir+ xmlSecKeyDataDestroy( data ) ; 3877*cdf0e10cSrcweir+ return(-1) ; 3878*cdf0e10cSrcweir+ } 3879*cdf0e10cSrcweir+ 3880*cdf0e10cSrcweir+ /* Wrap the raw key value SECItem */ 3881*cdf0e10cSrcweir+ keyItem.type = siBuffer ; 3882*cdf0e10cSrcweir+ keyItem.data = xmlSecBufferGetData( keyBuf ) ; 3883*cdf0e10cSrcweir+ keyItem.len = xmlSecBufferGetSize( keyBuf ) ; 3884*cdf0e10cSrcweir+ 3885*cdf0e10cSrcweir+ /* Import the raw key into slot temporalily and get the key handler*/ 3886*cdf0e10cSrcweir+ symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ; 3887*cdf0e10cSrcweir+ if( symKey == NULL ) { 3888*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 3889*cdf0e10cSrcweir+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 3890*cdf0e10cSrcweir+ "PK11_ImportSymKey" , 3891*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 3892*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 3893*cdf0e10cSrcweir+ 3894*cdf0e10cSrcweir+ PK11_FreeSlot( slot ) ; 3895*cdf0e10cSrcweir+ xmlSecBufferDestroy( keyBuf ) ; 3896*cdf0e10cSrcweir+ xmlSecKeyDataDestroy( data ) ; 3897*cdf0e10cSrcweir+ return(-1) ; 3898*cdf0e10cSrcweir+ } 3899*cdf0e10cSrcweir+ PK11_FreeSlot( slot ) ; 3900*cdf0e10cSrcweir+ 3901*cdf0e10cSrcweir+ /* raw key material has been copied into symKey, it isn't used any more */ 3902*cdf0e10cSrcweir+ xmlSecBufferDestroy( keyBuf ) ; 3903*cdf0e10cSrcweir+ 3904*cdf0e10cSrcweir+ /* Adopt the symmetric key into key data */ 3905*cdf0e10cSrcweir+ ret = xmlSecNssSymKeyDataAdoptKey(data, symKey); 3906*cdf0e10cSrcweir+ if(ret < 0) { 3907*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 3908*cdf0e10cSrcweir+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 3909*cdf0e10cSrcweir+ "xmlSecKeyDataBinaryValueSetBuffer", 3910*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 3911*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE); 3912*cdf0e10cSrcweir+ PK11_FreeSymKey( symKey ) ; 3913*cdf0e10cSrcweir+ xmlSecKeyDataDestroy( data ) ; 3914*cdf0e10cSrcweir+ return(-1); 3915*cdf0e10cSrcweir+ } 3916*cdf0e10cSrcweir+ /* symKey has been duplicated into data, it isn't used any more */ 3917*cdf0e10cSrcweir+ PK11_FreeSymKey( symKey ) ; 3918*cdf0e10cSrcweir+ 3919*cdf0e10cSrcweir+ /* Check value */ 3920*cdf0e10cSrcweir+ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) { 3921*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 3922*cdf0e10cSrcweir+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 3923*cdf0e10cSrcweir+ "xmlSecKeyReqMatchKeyValue", 3924*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 3925*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE); 3926*cdf0e10cSrcweir+ xmlSecKeyDataDestroy( data ) ; 3927*cdf0e10cSrcweir+ return(0); 3928*cdf0e10cSrcweir+ } 3929*cdf0e10cSrcweir 3930*cdf0e10cSrcweir- return(xmlSecKeyDataBinaryValueXmlRead(id, key, node, keyInfoCtx)); 3931*cdf0e10cSrcweir+ ret = xmlSecKeySetValue(key, data); 3932*cdf0e10cSrcweir+ if(ret < 0) { 3933*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 3934*cdf0e10cSrcweir+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 3935*cdf0e10cSrcweir+ "xmlSecKeySetValue", 3936*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 3937*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE); 3938*cdf0e10cSrcweir+ xmlSecKeyDataDestroy( data ) ; 3939*cdf0e10cSrcweir+ return(-1); 3940*cdf0e10cSrcweir+ } 3941*cdf0e10cSrcweir+ 3942*cdf0e10cSrcweir+ return(0); 3943*cdf0e10cSrcweir } 3944*cdf0e10cSrcweir 3945*cdf0e10cSrcweir static int 3946*cdf0e10cSrcweir xmlSecNssSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, 3947*cdf0e10cSrcweir xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { 3948*cdf0e10cSrcweir+ PK11SymKey* symKey ; 3949*cdf0e10cSrcweir+ 3950*cdf0e10cSrcweir xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); 3951*cdf0e10cSrcweir- 3952*cdf0e10cSrcweir- return(xmlSecKeyDataBinaryValueXmlWrite(id, key, node, keyInfoCtx)); 3953*cdf0e10cSrcweir+ xmlSecAssert2(key != NULL, -1); 3954*cdf0e10cSrcweir+ xmlSecAssert2(node != NULL, -1); 3955*cdf0e10cSrcweir+ xmlSecAssert2(keyInfoCtx != NULL, -1); 3956*cdf0e10cSrcweir+ 3957*cdf0e10cSrcweir+ /* Get symmetric key from "key" */ 3958*cdf0e10cSrcweir+ symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key)); 3959*cdf0e10cSrcweir+ if( symKey != NULL ) { 3960*cdf0e10cSrcweir+ SECItem* keyItem ; 3961*cdf0e10cSrcweir+ xmlSecBufferPtr keyBuf ; 3962*cdf0e10cSrcweir+ 3963*cdf0e10cSrcweir+ /* Extract raw key data from symmetric key */ 3964*cdf0e10cSrcweir+ if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) { 3965*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 3966*cdf0e10cSrcweir+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 3967*cdf0e10cSrcweir+ "PK11_ExtractKeyValue", 3968*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 3969*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE); 3970*cdf0e10cSrcweir+ PK11_FreeSymKey( symKey ) ; 3971*cdf0e10cSrcweir+ return(-1); 3972*cdf0e10cSrcweir+ } 3973*cdf0e10cSrcweir+ 3974*cdf0e10cSrcweir+ /* Get raw key data from "symKey" */ 3975*cdf0e10cSrcweir+ keyItem = PK11_GetKeyData( symKey ) ; 3976*cdf0e10cSrcweir+ if(keyItem == NULL) { 3977*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 3978*cdf0e10cSrcweir+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 3979*cdf0e10cSrcweir+ "PK11_GetKeyData", 3980*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 3981*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE); 3982*cdf0e10cSrcweir+ PK11_FreeSymKey( symKey ) ; 3983*cdf0e10cSrcweir+ return(-1); 3984*cdf0e10cSrcweir+ } 3985*cdf0e10cSrcweir+ 3986*cdf0e10cSrcweir+ /* Create key data buffer with raw kwy material */ 3987*cdf0e10cSrcweir+ keyBuf = xmlSecBufferCreate(keyItem->len) ; 3988*cdf0e10cSrcweir+ if(keyBuf == NULL) { 3989*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 3990*cdf0e10cSrcweir+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 3991*cdf0e10cSrcweir+ "xmlSecBufferCreate", 3992*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 3993*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE); 3994*cdf0e10cSrcweir+ PK11_FreeSymKey( symKey ) ; 3995*cdf0e10cSrcweir+ return(-1); 3996*cdf0e10cSrcweir+ } 3997*cdf0e10cSrcweir+ 3998*cdf0e10cSrcweir+ xmlSecBufferSetData( keyBuf , keyItem->data , keyItem->len ) ; 3999*cdf0e10cSrcweir+ 4000*cdf0e10cSrcweir+ /* Write raw key material into current xml node */ 4001*cdf0e10cSrcweir+ if( xmlSecBufferBase64NodeContentWrite( keyBuf, node, XMLSEC_BASE64_LINESIZE ) < 0 ) { 4002*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 4003*cdf0e10cSrcweir+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 4004*cdf0e10cSrcweir+ "xmlSecBufferBase64NodeContentWrite", 4005*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 4006*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE); 4007*cdf0e10cSrcweir+ xmlSecBufferDestroy(keyBuf); 4008*cdf0e10cSrcweir+ PK11_FreeSymKey( symKey ) ; 4009*cdf0e10cSrcweir+ return(-1); 4010*cdf0e10cSrcweir+ } 4011*cdf0e10cSrcweir+ xmlSecBufferDestroy(keyBuf); 4012*cdf0e10cSrcweir+ PK11_FreeSymKey( symKey ) ; 4013*cdf0e10cSrcweir+ } 4014*cdf0e10cSrcweir+ 4015*cdf0e10cSrcweir+ return 0 ; 4016*cdf0e10cSrcweir } 4017*cdf0e10cSrcweir 4018*cdf0e10cSrcweir static int 4019*cdf0e10cSrcweir xmlSecNssSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key, 4020*cdf0e10cSrcweir const xmlSecByte* buf, xmlSecSize bufSize, 4021*cdf0e10cSrcweir xmlSecKeyInfoCtxPtr keyInfoCtx) { 4022*cdf0e10cSrcweir- xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); 4023*cdf0e10cSrcweir+ PK11SymKey* symKey ; 4024*cdf0e10cSrcweir+ PK11SlotInfo* slot ; 4025*cdf0e10cSrcweir+ xmlSecKeyDataPtr data; 4026*cdf0e10cSrcweir+ xmlSecNssSymKeyDataCtxPtr ctx; 4027*cdf0e10cSrcweir+ SECItem keyItem ; 4028*cdf0e10cSrcweir+ int ret; 4029*cdf0e10cSrcweir+ 4030*cdf0e10cSrcweir+ xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1); 4031*cdf0e10cSrcweir+ xmlSecAssert2(key != NULL, -1); 4032*cdf0e10cSrcweir+ xmlSecAssert2(buf != NULL, -1); 4033*cdf0e10cSrcweir+ xmlSecAssert2(bufSize != 0, -1); 4034*cdf0e10cSrcweir+ xmlSecAssert2(keyInfoCtx != NULL, -1); 4035*cdf0e10cSrcweir+ 4036*cdf0e10cSrcweir+ /* Create a new KeyData from a id */ 4037*cdf0e10cSrcweir+ data = xmlSecKeyDataCreate(id); 4038*cdf0e10cSrcweir+ if(data == NULL ) { 4039*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 4040*cdf0e10cSrcweir+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 4041*cdf0e10cSrcweir+ "xmlSecKeyDataCreate", 4042*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 4043*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE); 4044*cdf0e10cSrcweir+ return(-1); 4045*cdf0e10cSrcweir+ } 4046*cdf0e10cSrcweir+ 4047*cdf0e10cSrcweir+ ctx = xmlSecNssSymKeyDataGetCtx(data); 4048*cdf0e10cSrcweir+ xmlSecAssert2(ctx != NULL, -1); 4049*cdf0e10cSrcweir+ 4050*cdf0e10cSrcweir+ /* Get slot */ 4051*cdf0e10cSrcweir+ slot = xmlSecNssSlotGet(ctx->cipher); 4052*cdf0e10cSrcweir+ if( slot == NULL ) { 4053*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 4054*cdf0e10cSrcweir+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 4055*cdf0e10cSrcweir+ "xmlSecNssSlotGet" , 4056*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 4057*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 4058*cdf0e10cSrcweir+ xmlSecKeyDataDestroy( data ) ; 4059*cdf0e10cSrcweir+ return(-1) ; 4060*cdf0e10cSrcweir+ } 4061*cdf0e10cSrcweir+ 4062*cdf0e10cSrcweir+ /* Wrap the raw key value SECItem */ 4063*cdf0e10cSrcweir+ keyItem.type = siBuffer ; 4064*cdf0e10cSrcweir+ keyItem.data = buf ; 4065*cdf0e10cSrcweir+ keyItem.len = bufSize ; 4066*cdf0e10cSrcweir+ 4067*cdf0e10cSrcweir+ /* Import the raw key into slot temporalily and get the key handler*/ 4068*cdf0e10cSrcweir+ symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ; 4069*cdf0e10cSrcweir+ if( symKey == NULL ) { 4070*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 4071*cdf0e10cSrcweir+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 4072*cdf0e10cSrcweir+ "PK11_ImportSymKey" , 4073*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 4074*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 4075*cdf0e10cSrcweir+ PK11_FreeSlot( slot ) ; 4076*cdf0e10cSrcweir+ xmlSecKeyDataDestroy( data ) ; 4077*cdf0e10cSrcweir+ return(-1) ; 4078*cdf0e10cSrcweir+ } 4079*cdf0e10cSrcweir+ 4080*cdf0e10cSrcweir+ /* Adopt the symmetric key into key data */ 4081*cdf0e10cSrcweir+ ret = xmlSecNssSymKeyDataAdoptKey(data, symKey); 4082*cdf0e10cSrcweir+ if(ret < 0) { 4083*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 4084*cdf0e10cSrcweir+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 4085*cdf0e10cSrcweir+ "xmlSecKeyDataBinaryValueSetBuffer", 4086*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 4087*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 4088*cdf0e10cSrcweir+ PK11_FreeSymKey( symKey ) ; 4089*cdf0e10cSrcweir+ PK11_FreeSlot( slot ) ; 4090*cdf0e10cSrcweir+ xmlSecKeyDataDestroy( data ) ; 4091*cdf0e10cSrcweir+ return(-1); 4092*cdf0e10cSrcweir+ } 4093*cdf0e10cSrcweir+ /* symKey has been duplicated into data, it isn't used any more */ 4094*cdf0e10cSrcweir+ PK11_FreeSymKey( symKey ) ; 4095*cdf0e10cSrcweir+ PK11_FreeSlot( slot ) ; 4096*cdf0e10cSrcweir+ 4097*cdf0e10cSrcweir+ /* Check value */ 4098*cdf0e10cSrcweir+ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) { 4099*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 4100*cdf0e10cSrcweir+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 4101*cdf0e10cSrcweir+ "xmlSecKeyReqMatchKeyValue", 4102*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 4103*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE); 4104*cdf0e10cSrcweir+ xmlSecKeyDataDestroy( data ) ; 4105*cdf0e10cSrcweir+ return(0); 4106*cdf0e10cSrcweir+ } 4107*cdf0e10cSrcweir 4108*cdf0e10cSrcweir- return(xmlSecKeyDataBinaryValueBinRead(id, key, buf, bufSize, keyInfoCtx)); 4109*cdf0e10cSrcweir+ ret = xmlSecKeySetValue(key, data); 4110*cdf0e10cSrcweir+ if(ret < 0) { 4111*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 4112*cdf0e10cSrcweir+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 4113*cdf0e10cSrcweir+ "xmlSecKeySetValue", 4114*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 4115*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE); 4116*cdf0e10cSrcweir+ xmlSecKeyDataDestroy( data ) ; 4117*cdf0e10cSrcweir+ return(-1); 4118*cdf0e10cSrcweir+ } 4119*cdf0e10cSrcweir+ 4120*cdf0e10cSrcweir+ return(0); 4121*cdf0e10cSrcweir } 4122*cdf0e10cSrcweir 4123*cdf0e10cSrcweir static int 4124*cdf0e10cSrcweir xmlSecNssSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, 4125*cdf0e10cSrcweir xmlSecByte** buf, xmlSecSize* bufSize, 4126*cdf0e10cSrcweir xmlSecKeyInfoCtxPtr keyInfoCtx) { 4127*cdf0e10cSrcweir+ PK11SymKey* symKey ; 4128*cdf0e10cSrcweir+ 4129*cdf0e10cSrcweir xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); 4130*cdf0e10cSrcweir+ xmlSecAssert2(key != NULL, -1); 4131*cdf0e10cSrcweir+ xmlSecAssert2(buf != NULL, -1); 4132*cdf0e10cSrcweir+ xmlSecAssert2(bufSize != 0, -1); 4133*cdf0e10cSrcweir+ xmlSecAssert2(keyInfoCtx != NULL, -1); 4134*cdf0e10cSrcweir+ 4135*cdf0e10cSrcweir+ /* Get symmetric key from "key" */ 4136*cdf0e10cSrcweir+ symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key)); 4137*cdf0e10cSrcweir+ if( symKey != NULL ) { 4138*cdf0e10cSrcweir+ SECItem* keyItem ; 4139*cdf0e10cSrcweir+ 4140*cdf0e10cSrcweir+ /* Extract raw key data from symmetric key */ 4141*cdf0e10cSrcweir+ if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) { 4142*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 4143*cdf0e10cSrcweir+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 4144*cdf0e10cSrcweir+ "PK11_ExtractKeyValue", 4145*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 4146*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE); 4147*cdf0e10cSrcweir+ PK11_FreeSymKey( symKey ) ; 4148*cdf0e10cSrcweir+ return(-1); 4149*cdf0e10cSrcweir+ } 4150*cdf0e10cSrcweir+ 4151*cdf0e10cSrcweir+ /* Get raw key data from "symKey" */ 4152*cdf0e10cSrcweir+ keyItem = PK11_GetKeyData( symKey ) ; 4153*cdf0e10cSrcweir+ if(keyItem == NULL) { 4154*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 4155*cdf0e10cSrcweir+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 4156*cdf0e10cSrcweir+ "PK11_GetKeyData", 4157*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 4158*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE); 4159*cdf0e10cSrcweir+ PK11_FreeSymKey( symKey ) ; 4160*cdf0e10cSrcweir+ return(-1); 4161*cdf0e10cSrcweir+ } 4162*cdf0e10cSrcweir+ 4163*cdf0e10cSrcweir+ *bufSize = keyItem->len; 4164*cdf0e10cSrcweir+ *buf = ( xmlSecByte* )xmlMalloc( *bufSize ); 4165*cdf0e10cSrcweir+ if( *buf == NULL ) { 4166*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 4167*cdf0e10cSrcweir+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 4168*cdf0e10cSrcweir+ NULL, 4169*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 4170*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE); 4171*cdf0e10cSrcweir+ PK11_FreeSymKey( symKey ) ; 4172*cdf0e10cSrcweir+ return(-1); 4173*cdf0e10cSrcweir+ } 4174*cdf0e10cSrcweir+ 4175*cdf0e10cSrcweir+ memcpy((*buf), keyItem->data, (*bufSize)); 4176*cdf0e10cSrcweir+ PK11_FreeSymKey( symKey ) ; 4177*cdf0e10cSrcweir+ } 4178*cdf0e10cSrcweir 4179*cdf0e10cSrcweir- return(xmlSecKeyDataBinaryValueBinWrite(id, key, buf, bufSize, keyInfoCtx)); 4180*cdf0e10cSrcweir+ return 0 ; 4181*cdf0e10cSrcweir } 4182*cdf0e10cSrcweir 4183*cdf0e10cSrcweir static int 4184*cdf0e10cSrcweir xmlSecNssSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) { 4185*cdf0e10cSrcweir- xmlSecBufferPtr buffer; 4186*cdf0e10cSrcweir+ PK11SymKey* symkey ; 4187*cdf0e10cSrcweir+ PK11SlotInfo* slot ; 4188*cdf0e10cSrcweir+ xmlSecNssSymKeyDataCtxPtr ctx; 4189*cdf0e10cSrcweir+ int ret; 4190*cdf0e10cSrcweir 4191*cdf0e10cSrcweir xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1); 4192*cdf0e10cSrcweir xmlSecAssert2(sizeBits > 0, -1); 4193*cdf0e10cSrcweir 4194*cdf0e10cSrcweir- buffer = xmlSecKeyDataBinaryValueGetBuffer(data); 4195*cdf0e10cSrcweir- xmlSecAssert2(buffer != NULL, -1); 4196*cdf0e10cSrcweir- 4197*cdf0e10cSrcweir- return(xmlSecNssGenerateRandom(buffer, (sizeBits + 7) / 8)); 4198*cdf0e10cSrcweir+ ctx = xmlSecNssSymKeyDataGetCtx(data); 4199*cdf0e10cSrcweir+ xmlSecAssert2(ctx != NULL, -1); 4200*cdf0e10cSrcweir+ 4201*cdf0e10cSrcweir+ if( sizeBits % 8 != 0 ) { 4202*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 4203*cdf0e10cSrcweir+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), 4204*cdf0e10cSrcweir+ NULL, 4205*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 4206*cdf0e10cSrcweir+ "Symmetric key size must be octuple"); 4207*cdf0e10cSrcweir+ return(-1); 4208*cdf0e10cSrcweir+ } 4209*cdf0e10cSrcweir+ 4210*cdf0e10cSrcweir+ /* Get slot */ 4211*cdf0e10cSrcweir+ slot = xmlSecNssSlotGet(ctx->cipher); 4212*cdf0e10cSrcweir+ if( slot == NULL ) { 4213*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 4214*cdf0e10cSrcweir+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), 4215*cdf0e10cSrcweir+ "xmlSecNssSlotGet" , 4216*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 4217*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 4218*cdf0e10cSrcweir+ return(-1) ; 4219*cdf0e10cSrcweir+ } 4220*cdf0e10cSrcweir+ 4221*cdf0e10cSrcweir+ if( PK11_Authenticate( slot, PR_FALSE , NULL ) != SECSuccess ) { 4222*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 4223*cdf0e10cSrcweir+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , 4224*cdf0e10cSrcweir+ "PK11_Authenticate" , 4225*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 4226*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 4227*cdf0e10cSrcweir+ PK11_FreeSlot( slot ) ; 4228*cdf0e10cSrcweir+ return -1 ; 4229*cdf0e10cSrcweir+ } 4230*cdf0e10cSrcweir+ 4231*cdf0e10cSrcweir+ symkey = PK11_KeyGen( slot , ctx->cipher , NULL , sizeBits/8 , NULL ) ; 4232*cdf0e10cSrcweir+ if( symkey == NULL ) { 4233*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 4234*cdf0e10cSrcweir+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , 4235*cdf0e10cSrcweir+ "PK11_KeyGen" , 4236*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 4237*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 4238*cdf0e10cSrcweir+ PK11_FreeSlot( slot ) ; 4239*cdf0e10cSrcweir+ return -1 ; 4240*cdf0e10cSrcweir+ } 4241*cdf0e10cSrcweir+ 4242*cdf0e10cSrcweir+ if( ctx->slot != NULL ) { 4243*cdf0e10cSrcweir+ PK11_FreeSlot( ctx->slot ) ; 4244*cdf0e10cSrcweir+ ctx->slot = NULL ; 4245*cdf0e10cSrcweir+ } 4246*cdf0e10cSrcweir+ ctx->slot = slot ; 4247*cdf0e10cSrcweir+ 4248*cdf0e10cSrcweir+ if( ctx->symkey != NULL ) { 4249*cdf0e10cSrcweir+ PK11_FreeSymKey( ctx->symkey ) ; 4250*cdf0e10cSrcweir+ ctx->symkey = NULL ; 4251*cdf0e10cSrcweir+ } 4252*cdf0e10cSrcweir+ ctx->symkey = symkey ; 4253*cdf0e10cSrcweir+ 4254*cdf0e10cSrcweir+ return 0; 4255*cdf0e10cSrcweir } 4256*cdf0e10cSrcweir 4257*cdf0e10cSrcweir static xmlSecKeyDataType 4258*cdf0e10cSrcweir xmlSecNssSymKeyDataGetType(xmlSecKeyDataPtr data) { 4259*cdf0e10cSrcweir- xmlSecBufferPtr buffer; 4260*cdf0e10cSrcweir+ xmlSecNssSymKeyDataCtxPtr context = NULL ; 4261*cdf0e10cSrcweir+ xmlSecKeyDataType type = xmlSecKeyDataTypeUnknown ; 4262*cdf0e10cSrcweir 4263*cdf0e10cSrcweir xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown); 4264*cdf0e10cSrcweir+ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), xmlSecKeyDataTypeUnknown ) ; 4265*cdf0e10cSrcweir 4266*cdf0e10cSrcweir- buffer = xmlSecKeyDataBinaryValueGetBuffer(data); 4267*cdf0e10cSrcweir- xmlSecAssert2(buffer != NULL, xmlSecKeyDataTypeUnknown); 4268*cdf0e10cSrcweir+ context = xmlSecNssSymKeyDataGetCtx( data ) ; 4269*cdf0e10cSrcweir+ if( context == NULL ) { 4270*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 4271*cdf0e10cSrcweir+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , 4272*cdf0e10cSrcweir+ "xmlSecNssSymKeyDataGetCtx" , 4273*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 4274*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 4275*cdf0e10cSrcweir+ return xmlSecKeyDataTypeUnknown ; 4276*cdf0e10cSrcweir+ } 4277*cdf0e10cSrcweir 4278*cdf0e10cSrcweir- return((xmlSecBufferGetSize(buffer) > 0) ? xmlSecKeyDataTypeSymmetric : xmlSecKeyDataTypeUnknown); 4279*cdf0e10cSrcweir+ if( context->symkey != NULL ) { 4280*cdf0e10cSrcweir+ type |= xmlSecKeyDataTypeSymmetric ; 4281*cdf0e10cSrcweir+ } else { 4282*cdf0e10cSrcweir+ type |= xmlSecKeyDataTypeUnknown ; 4283*cdf0e10cSrcweir+ } 4284*cdf0e10cSrcweir+ 4285*cdf0e10cSrcweir+ return type ; 4286*cdf0e10cSrcweir } 4287*cdf0e10cSrcweir 4288*cdf0e10cSrcweir static xmlSecSize 4289*cdf0e10cSrcweir xmlSecNssSymKeyDataGetSize(xmlSecKeyDataPtr data) { 4290*cdf0e10cSrcweir+ xmlSecNssSymKeyDataCtxPtr context ; 4291*cdf0e10cSrcweir+ unsigned int length = 0 ; 4292*cdf0e10cSrcweir+ 4293*cdf0e10cSrcweir xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), 0); 4294*cdf0e10cSrcweir+ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), 0 ) ; 4295*cdf0e10cSrcweir+ context = xmlSecNssSymKeyDataGetCtx( data ) ; 4296*cdf0e10cSrcweir+ if( context == NULL ) { 4297*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 4298*cdf0e10cSrcweir+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , 4299*cdf0e10cSrcweir+ "xmlSecNssSymKeyDataGetCtx" , 4300*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 4301*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 4302*cdf0e10cSrcweir+ return 0 ; 4303*cdf0e10cSrcweir+ } 4304*cdf0e10cSrcweir+ 4305*cdf0e10cSrcweir+ if( context->symkey != NULL ) { 4306*cdf0e10cSrcweir+ length = PK11_GetKeyLength( context->symkey ) ; 4307*cdf0e10cSrcweir+ length *= 8 ; 4308*cdf0e10cSrcweir+ } 4309*cdf0e10cSrcweir 4310*cdf0e10cSrcweir- return(xmlSecKeyDataBinaryValueGetSize(data)); 4311*cdf0e10cSrcweir+ return length ; 4312*cdf0e10cSrcweir } 4313*cdf0e10cSrcweir 4314*cdf0e10cSrcweir static void 4315*cdf0e10cSrcweir xmlSecNssSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) { 4316*cdf0e10cSrcweir xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); 4317*cdf0e10cSrcweir 4318*cdf0e10cSrcweir- xmlSecKeyDataBinaryValueDebugDump(data, output); 4319*cdf0e10cSrcweir+ /* print only size, everything else is sensitive */ 4320*cdf0e10cSrcweir+ fprintf( output , "=== %s: size=%d\n" , data->id->dataNodeName , 4321*cdf0e10cSrcweir+ xmlSecKeyDataGetSize(data)) ; 4322*cdf0e10cSrcweir } 4323*cdf0e10cSrcweir 4324*cdf0e10cSrcweir static void 4325*cdf0e10cSrcweir xmlSecNssSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { 4326*cdf0e10cSrcweir xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); 4327*cdf0e10cSrcweir- 4328*cdf0e10cSrcweir- xmlSecKeyDataBinaryValueDebugXmlDump(data, output); 4329*cdf0e10cSrcweir+ 4330*cdf0e10cSrcweir+ /* print only size, everything else is sensitive */ 4331*cdf0e10cSrcweir+ fprintf( output , "<%s size=\"%d\" />\n" , data->id->dataNodeName , 4332*cdf0e10cSrcweir+ xmlSecKeyDataGetSize(data)) ; 4333*cdf0e10cSrcweir } 4334*cdf0e10cSrcweir 4335*cdf0e10cSrcweir static int 4336*cdf0e10cSrcweir@@ -201,7 +858,7 @@ 4337*cdf0e10cSrcweir *************************************************************************/ 4338*cdf0e10cSrcweir static xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = { 4339*cdf0e10cSrcweir sizeof(xmlSecKeyDataKlass), 4340*cdf0e10cSrcweir- xmlSecKeyDataBinarySize, 4341*cdf0e10cSrcweir+ xmlSecNssSymKeyDataSize, 4342*cdf0e10cSrcweir 4343*cdf0e10cSrcweir /* data */ 4344*cdf0e10cSrcweir xmlSecNameAESKeyValue, 4345*cdf0e10cSrcweir@@ -282,7 +939,7 @@ 4346*cdf0e10cSrcweir *************************************************************************/ 4347*cdf0e10cSrcweir static xmlSecKeyDataKlass xmlSecNssKeyDataDesKlass = { 4348*cdf0e10cSrcweir sizeof(xmlSecKeyDataKlass), 4349*cdf0e10cSrcweir- xmlSecKeyDataBinarySize, 4350*cdf0e10cSrcweir+ xmlSecNssSymKeyDataSize, 4351*cdf0e10cSrcweir 4352*cdf0e10cSrcweir /* data */ 4353*cdf0e10cSrcweir xmlSecNameDESKeyValue, 4354*cdf0e10cSrcweir@@ -364,7 +1021,7 @@ 4355*cdf0e10cSrcweir *************************************************************************/ 4356*cdf0e10cSrcweir static xmlSecKeyDataKlass xmlSecNssKeyDataHmacKlass = { 4357*cdf0e10cSrcweir sizeof(xmlSecKeyDataKlass), 4358*cdf0e10cSrcweir- xmlSecKeyDataBinarySize, 4359*cdf0e10cSrcweir+ xmlSecNssSymKeyDataSize, 4360*cdf0e10cSrcweir 4361*cdf0e10cSrcweir /* data */ 4362*cdf0e10cSrcweir xmlSecNameHMACKeyValue, 4363*cdf0e10cSrcweir--- misc/xmlsec1-1.2.14/src/nss/tokens.c 2009-09-21 14:07:19.249145861 +0200 4364*cdf0e10cSrcweir+++ misc/build/xmlsec1-1.2.14/src/nss/tokens.c 2009-09-21 14:02:48.556772442 +0200 4365*cdf0e10cSrcweir@@ -1 +1,548 @@ 4366*cdf0e10cSrcweir-dummy 4367*cdf0e10cSrcweir+/** 4368*cdf0e10cSrcweir+ * XMLSec library 4369*cdf0e10cSrcweir+ * 4370*cdf0e10cSrcweir+ * This is free software; see Copyright file in the source 4371*cdf0e10cSrcweir+ * distribution for preciese wording. 4372*cdf0e10cSrcweir+ * 4373*cdf0e10cSrcweir+ * Copyright.................................. 4374*cdf0e10cSrcweir+ * 4375*cdf0e10cSrcweir+ * Contributor(s): _____________________________ 4376*cdf0e10cSrcweir+ * 4377*cdf0e10cSrcweir+ */ 4378*cdf0e10cSrcweir+ 4379*cdf0e10cSrcweir+/** 4380*cdf0e10cSrcweir+ * In order to ensure that particular crypto operation is performed on 4381*cdf0e10cSrcweir+ * particular crypto device, a subclass of xmlSecList is used to store slot and 4382*cdf0e10cSrcweir+ * mechanism information. 4383*cdf0e10cSrcweir+ * 4384*cdf0e10cSrcweir+ * In the list, a slot is bound with a mechanism. If the mechanism is available, 4385*cdf0e10cSrcweir+ * this mechanism only can perform on the slot; otherwise, it can perform on 4386*cdf0e10cSrcweir+ * every eligibl slot in the list. 4387*cdf0e10cSrcweir+ * 4388*cdf0e10cSrcweir+ * When try to find a slot for a particular mechanism, the slot bound with 4389*cdf0e10cSrcweir+ * avaliable mechanism will be looked up firstly. 4390*cdf0e10cSrcweir+ */ 4391*cdf0e10cSrcweir+#include "globals.h" 4392*cdf0e10cSrcweir+#include <string.h> 4393*cdf0e10cSrcweir+ 4394*cdf0e10cSrcweir+#include <xmlsec/xmlsec.h> 4395*cdf0e10cSrcweir+#include <xmlsec/errors.h> 4396*cdf0e10cSrcweir+#include <xmlsec/list.h> 4397*cdf0e10cSrcweir+ 4398*cdf0e10cSrcweir+#include <xmlsec/nss/tokens.h> 4399*cdf0e10cSrcweir+ 4400*cdf0e10cSrcweir+int 4401*cdf0e10cSrcweir+xmlSecNssKeySlotSetMechList( 4402*cdf0e10cSrcweir+ xmlSecNssKeySlotPtr keySlot , 4403*cdf0e10cSrcweir+ CK_MECHANISM_TYPE_PTR mechanismList 4404*cdf0e10cSrcweir+) { 4405*cdf0e10cSrcweir+ int counter ; 4406*cdf0e10cSrcweir+ 4407*cdf0e10cSrcweir+ xmlSecAssert2( keySlot != NULL , -1 ) ; 4408*cdf0e10cSrcweir+ 4409*cdf0e10cSrcweir+ if( keySlot->mechanismList != CK_NULL_PTR ) { 4410*cdf0e10cSrcweir+ xmlFree( keySlot->mechanismList ) ; 4411*cdf0e10cSrcweir+ 4412*cdf0e10cSrcweir+ for( counter = 0 ; *( mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ; 4413*cdf0e10cSrcweir+ keySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ; 4414*cdf0e10cSrcweir+ if( keySlot->mechanismList == NULL ) { 4415*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 4416*cdf0e10cSrcweir+ NULL , 4417*cdf0e10cSrcweir+ NULL , 4418*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 4419*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 4420*cdf0e10cSrcweir+ return( -1 ); 4421*cdf0e10cSrcweir+ } 4422*cdf0e10cSrcweir+ for( ; counter >= 0 ; counter -- ) 4423*cdf0e10cSrcweir+ *( keySlot->mechanismList + counter ) = *( mechanismList + counter ) ; 4424*cdf0e10cSrcweir+ } 4425*cdf0e10cSrcweir+ 4426*cdf0e10cSrcweir+ return( 0 ); 4427*cdf0e10cSrcweir+} 4428*cdf0e10cSrcweir+ 4429*cdf0e10cSrcweir+int 4430*cdf0e10cSrcweir+xmlSecNssKeySlotEnableMech( 4431*cdf0e10cSrcweir+ xmlSecNssKeySlotPtr keySlot , 4432*cdf0e10cSrcweir+ CK_MECHANISM_TYPE mechanism 4433*cdf0e10cSrcweir+) { 4434*cdf0e10cSrcweir+ int counter ; 4435*cdf0e10cSrcweir+ CK_MECHANISM_TYPE_PTR newList ; 4436*cdf0e10cSrcweir+ 4437*cdf0e10cSrcweir+ xmlSecAssert2( keySlot != NULL , -1 ) ; 4438*cdf0e10cSrcweir+ 4439*cdf0e10cSrcweir+ if( mechanism != CKM_INVALID_MECHANISM ) { 4440*cdf0e10cSrcweir+ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ; 4441*cdf0e10cSrcweir+ newList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ; 4442*cdf0e10cSrcweir+ if( newList == NULL ) { 4443*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 4444*cdf0e10cSrcweir+ NULL , 4445*cdf0e10cSrcweir+ NULL , 4446*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 4447*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 4448*cdf0e10cSrcweir+ return( -1 ); 4449*cdf0e10cSrcweir+ } 4450*cdf0e10cSrcweir+ *( newList + counter + 1 ) = CKM_INVALID_MECHANISM ; 4451*cdf0e10cSrcweir+ *( newList + counter ) = mechanism ; 4452*cdf0e10cSrcweir+ for( counter -= 1 ; counter >= 0 ; counter -- ) 4453*cdf0e10cSrcweir+ *( newList + counter ) = *( keySlot->mechanismList + counter ) ; 4454*cdf0e10cSrcweir+ 4455*cdf0e10cSrcweir+ xmlFree( keySlot->mechanismList ) ; 4456*cdf0e10cSrcweir+ keySlot->mechanismList = newList ; 4457*cdf0e10cSrcweir+ } 4458*cdf0e10cSrcweir+ 4459*cdf0e10cSrcweir+ return(0); 4460*cdf0e10cSrcweir+} 4461*cdf0e10cSrcweir+ 4462*cdf0e10cSrcweir+int 4463*cdf0e10cSrcweir+xmlSecNssKeySlotDisableMech( 4464*cdf0e10cSrcweir+ xmlSecNssKeySlotPtr keySlot , 4465*cdf0e10cSrcweir+ CK_MECHANISM_TYPE mechanism 4466*cdf0e10cSrcweir+) { 4467*cdf0e10cSrcweir+ int counter ; 4468*cdf0e10cSrcweir+ 4469*cdf0e10cSrcweir+ xmlSecAssert2( keySlot != NULL , -1 ) ; 4470*cdf0e10cSrcweir+ 4471*cdf0e10cSrcweir+ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) { 4472*cdf0e10cSrcweir+ if( *( keySlot->mechanismList + counter ) == mechanism ) { 4473*cdf0e10cSrcweir+ for( ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) { 4474*cdf0e10cSrcweir+ *( keySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter + 1 ) ; 4475*cdf0e10cSrcweir+ } 4476*cdf0e10cSrcweir+ 4477*cdf0e10cSrcweir+ break ; 4478*cdf0e10cSrcweir+ } 4479*cdf0e10cSrcweir+ } 4480*cdf0e10cSrcweir+ 4481*cdf0e10cSrcweir+ return(0); 4482*cdf0e10cSrcweir+} 4483*cdf0e10cSrcweir+ 4484*cdf0e10cSrcweir+CK_MECHANISM_TYPE_PTR 4485*cdf0e10cSrcweir+xmlSecNssKeySlotGetMechList( 4486*cdf0e10cSrcweir+ xmlSecNssKeySlotPtr keySlot 4487*cdf0e10cSrcweir+) { 4488*cdf0e10cSrcweir+ if( keySlot != NULL ) 4489*cdf0e10cSrcweir+ return keySlot->mechanismList ; 4490*cdf0e10cSrcweir+ else 4491*cdf0e10cSrcweir+ return NULL ; 4492*cdf0e10cSrcweir+} 4493*cdf0e10cSrcweir+ 4494*cdf0e10cSrcweir+int 4495*cdf0e10cSrcweir+xmlSecNssKeySlotSetSlot( 4496*cdf0e10cSrcweir+ xmlSecNssKeySlotPtr keySlot , 4497*cdf0e10cSrcweir+ PK11SlotInfo* slot 4498*cdf0e10cSrcweir+) { 4499*cdf0e10cSrcweir+ xmlSecAssert2( keySlot != NULL , -1 ) ; 4500*cdf0e10cSrcweir+ 4501*cdf0e10cSrcweir+ if( slot != NULL && keySlot->slot != slot ) { 4502*cdf0e10cSrcweir+ if( keySlot->slot != NULL ) 4503*cdf0e10cSrcweir+ PK11_FreeSlot( keySlot->slot ) ; 4504*cdf0e10cSrcweir+ 4505*cdf0e10cSrcweir+ if( keySlot->mechanismList != NULL ) { 4506*cdf0e10cSrcweir+ xmlFree( keySlot->mechanismList ) ; 4507*cdf0e10cSrcweir+ keySlot->mechanismList = NULL ; 4508*cdf0e10cSrcweir+ } 4509*cdf0e10cSrcweir+ 4510*cdf0e10cSrcweir+ keySlot->slot = PK11_ReferenceSlot( slot ) ; 4511*cdf0e10cSrcweir+ } 4512*cdf0e10cSrcweir+ 4513*cdf0e10cSrcweir+ return(0); 4514*cdf0e10cSrcweir+} 4515*cdf0e10cSrcweir+ 4516*cdf0e10cSrcweir+int 4517*cdf0e10cSrcweir+xmlSecNssKeySlotInitialize( 4518*cdf0e10cSrcweir+ xmlSecNssKeySlotPtr keySlot , 4519*cdf0e10cSrcweir+ PK11SlotInfo* slot 4520*cdf0e10cSrcweir+) { 4521*cdf0e10cSrcweir+ xmlSecAssert2( keySlot != NULL , -1 ) ; 4522*cdf0e10cSrcweir+ xmlSecAssert2( keySlot->slot == NULL , -1 ) ; 4523*cdf0e10cSrcweir+ xmlSecAssert2( keySlot->mechanismList == NULL , -1 ) ; 4524*cdf0e10cSrcweir+ 4525*cdf0e10cSrcweir+ if( slot != NULL ) { 4526*cdf0e10cSrcweir+ keySlot->slot = PK11_ReferenceSlot( slot ) ; 4527*cdf0e10cSrcweir+ } 4528*cdf0e10cSrcweir+ 4529*cdf0e10cSrcweir+ return(0); 4530*cdf0e10cSrcweir+} 4531*cdf0e10cSrcweir+ 4532*cdf0e10cSrcweir+void 4533*cdf0e10cSrcweir+xmlSecNssKeySlotFinalize( 4534*cdf0e10cSrcweir+ xmlSecNssKeySlotPtr keySlot 4535*cdf0e10cSrcweir+) { 4536*cdf0e10cSrcweir+ xmlSecAssert( keySlot != NULL ) ; 4537*cdf0e10cSrcweir+ 4538*cdf0e10cSrcweir+ if( keySlot->mechanismList != NULL ) { 4539*cdf0e10cSrcweir+ xmlFree( keySlot->mechanismList ) ; 4540*cdf0e10cSrcweir+ keySlot->mechanismList = NULL ; 4541*cdf0e10cSrcweir+ } 4542*cdf0e10cSrcweir+ 4543*cdf0e10cSrcweir+ if( keySlot->slot != NULL ) { 4544*cdf0e10cSrcweir+ PK11_FreeSlot( keySlot->slot ) ; 4545*cdf0e10cSrcweir+ keySlot->slot = NULL ; 4546*cdf0e10cSrcweir+ } 4547*cdf0e10cSrcweir+ 4548*cdf0e10cSrcweir+} 4549*cdf0e10cSrcweir+ 4550*cdf0e10cSrcweir+PK11SlotInfo* 4551*cdf0e10cSrcweir+xmlSecNssKeySlotGetSlot( 4552*cdf0e10cSrcweir+ xmlSecNssKeySlotPtr keySlot 4553*cdf0e10cSrcweir+) { 4554*cdf0e10cSrcweir+ if( keySlot != NULL ) 4555*cdf0e10cSrcweir+ return keySlot->slot ; 4556*cdf0e10cSrcweir+ else 4557*cdf0e10cSrcweir+ return NULL ; 4558*cdf0e10cSrcweir+} 4559*cdf0e10cSrcweir+ 4560*cdf0e10cSrcweir+xmlSecNssKeySlotPtr 4561*cdf0e10cSrcweir+xmlSecNssKeySlotCreate() { 4562*cdf0e10cSrcweir+ xmlSecNssKeySlotPtr keySlot ; 4563*cdf0e10cSrcweir+ 4564*cdf0e10cSrcweir+ /* Allocates a new xmlSecNssKeySlot and fill the fields */ 4565*cdf0e10cSrcweir+ keySlot = ( xmlSecNssKeySlotPtr )xmlMalloc( sizeof( xmlSecNssKeySlot ) ) ; 4566*cdf0e10cSrcweir+ if( keySlot == NULL ) { 4567*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 4568*cdf0e10cSrcweir+ NULL , 4569*cdf0e10cSrcweir+ NULL , 4570*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 4571*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 4572*cdf0e10cSrcweir+ return( NULL ); 4573*cdf0e10cSrcweir+ } 4574*cdf0e10cSrcweir+ memset( keySlot, 0, sizeof( xmlSecNssKeySlot ) ) ; 4575*cdf0e10cSrcweir+ 4576*cdf0e10cSrcweir+ return( keySlot ) ; 4577*cdf0e10cSrcweir+} 4578*cdf0e10cSrcweir+ 4579*cdf0e10cSrcweir+int 4580*cdf0e10cSrcweir+xmlSecNssKeySlotCopy( 4581*cdf0e10cSrcweir+ xmlSecNssKeySlotPtr newKeySlot , 4582*cdf0e10cSrcweir+ xmlSecNssKeySlotPtr keySlot 4583*cdf0e10cSrcweir+) { 4584*cdf0e10cSrcweir+ CK_MECHANISM_TYPE_PTR mech ; 4585*cdf0e10cSrcweir+ int counter ; 4586*cdf0e10cSrcweir+ 4587*cdf0e10cSrcweir+ xmlSecAssert2( newKeySlot != NULL , -1 ) ; 4588*cdf0e10cSrcweir+ xmlSecAssert2( keySlot != NULL , -1 ) ; 4589*cdf0e10cSrcweir+ 4590*cdf0e10cSrcweir+ if( keySlot->slot != NULL && newKeySlot->slot != keySlot->slot ) { 4591*cdf0e10cSrcweir+ if( newKeySlot->slot != NULL ) 4592*cdf0e10cSrcweir+ PK11_FreeSlot( newKeySlot->slot ) ; 4593*cdf0e10cSrcweir+ 4594*cdf0e10cSrcweir+ newKeySlot->slot = PK11_ReferenceSlot( keySlot->slot ) ; 4595*cdf0e10cSrcweir+ } 4596*cdf0e10cSrcweir+ 4597*cdf0e10cSrcweir+ if( keySlot->mechanismList != CK_NULL_PTR ) { 4598*cdf0e10cSrcweir+ xmlFree( newKeySlot->mechanismList ) ; 4599*cdf0e10cSrcweir+ 4600*cdf0e10cSrcweir+ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ; 4601*cdf0e10cSrcweir+ newKeySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ; 4602*cdf0e10cSrcweir+ if( newKeySlot->mechanismList == NULL ) { 4603*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 4604*cdf0e10cSrcweir+ NULL , 4605*cdf0e10cSrcweir+ NULL , 4606*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 4607*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 4608*cdf0e10cSrcweir+ return( -1 ); 4609*cdf0e10cSrcweir+ } 4610*cdf0e10cSrcweir+ for( ; counter >= 0 ; counter -- ) 4611*cdf0e10cSrcweir+ *( newKeySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter ) ; 4612*cdf0e10cSrcweir+ } 4613*cdf0e10cSrcweir+ 4614*cdf0e10cSrcweir+ return( 0 ); 4615*cdf0e10cSrcweir+} 4616*cdf0e10cSrcweir+ 4617*cdf0e10cSrcweir+xmlSecNssKeySlotPtr 4618*cdf0e10cSrcweir+xmlSecNssKeySlotDuplicate( 4619*cdf0e10cSrcweir+ xmlSecNssKeySlotPtr keySlot 4620*cdf0e10cSrcweir+) { 4621*cdf0e10cSrcweir+ xmlSecNssKeySlotPtr newKeySlot ; 4622*cdf0e10cSrcweir+ int ret ; 4623*cdf0e10cSrcweir+ 4624*cdf0e10cSrcweir+ xmlSecAssert2( keySlot != NULL , NULL ) ; 4625*cdf0e10cSrcweir+ 4626*cdf0e10cSrcweir+ newKeySlot = xmlSecNssKeySlotCreate() ; 4627*cdf0e10cSrcweir+ if( newKeySlot == NULL ) { 4628*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 4629*cdf0e10cSrcweir+ NULL , 4630*cdf0e10cSrcweir+ NULL , 4631*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 4632*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 4633*cdf0e10cSrcweir+ return( NULL ); 4634*cdf0e10cSrcweir+ } 4635*cdf0e10cSrcweir+ 4636*cdf0e10cSrcweir+ if( xmlSecNssKeySlotCopy( newKeySlot, keySlot ) < 0 ) { 4637*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 4638*cdf0e10cSrcweir+ NULL , 4639*cdf0e10cSrcweir+ NULL , 4640*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 4641*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 4642*cdf0e10cSrcweir+ return( NULL ); 4643*cdf0e10cSrcweir+ } 4644*cdf0e10cSrcweir+ 4645*cdf0e10cSrcweir+ return( newKeySlot ); 4646*cdf0e10cSrcweir+} 4647*cdf0e10cSrcweir+ 4648*cdf0e10cSrcweir+void 4649*cdf0e10cSrcweir+xmlSecNssKeySlotDestroy( 4650*cdf0e10cSrcweir+ xmlSecNssKeySlotPtr keySlot 4651*cdf0e10cSrcweir+) { 4652*cdf0e10cSrcweir+ xmlSecAssert( keySlot != NULL ) ; 4653*cdf0e10cSrcweir+ 4654*cdf0e10cSrcweir+ if( keySlot->mechanismList != NULL ) 4655*cdf0e10cSrcweir+ xmlFree( keySlot->mechanismList ) ; 4656*cdf0e10cSrcweir+ 4657*cdf0e10cSrcweir+ if( keySlot->slot != NULL ) 4658*cdf0e10cSrcweir+ PK11_FreeSlot( keySlot->slot ) ; 4659*cdf0e10cSrcweir+ 4660*cdf0e10cSrcweir+ xmlFree( keySlot ) ; 4661*cdf0e10cSrcweir+} 4662*cdf0e10cSrcweir+ 4663*cdf0e10cSrcweir+int 4664*cdf0e10cSrcweir+xmlSecNssKeySlotBindMech( 4665*cdf0e10cSrcweir+ xmlSecNssKeySlotPtr keySlot , 4666*cdf0e10cSrcweir+ CK_MECHANISM_TYPE type 4667*cdf0e10cSrcweir+) { 4668*cdf0e10cSrcweir+ int counter ; 4669*cdf0e10cSrcweir+ 4670*cdf0e10cSrcweir+ xmlSecAssert2( keySlot != NULL , 0 ) ; 4671*cdf0e10cSrcweir+ xmlSecAssert2( keySlot->slot != NULL , 0 ) ; 4672*cdf0e10cSrcweir+ xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ; 4673*cdf0e10cSrcweir+ 4674*cdf0e10cSrcweir+ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) { 4675*cdf0e10cSrcweir+ if( *( keySlot->mechanismList + counter ) == type ) 4676*cdf0e10cSrcweir+ return(1) ; 4677*cdf0e10cSrcweir+ } 4678*cdf0e10cSrcweir+ 4679*cdf0e10cSrcweir+ return( 0 ) ; 4680*cdf0e10cSrcweir+} 4681*cdf0e10cSrcweir+ 4682*cdf0e10cSrcweir+int 4683*cdf0e10cSrcweir+xmlSecNssKeySlotSupportMech( 4684*cdf0e10cSrcweir+ xmlSecNssKeySlotPtr keySlot , 4685*cdf0e10cSrcweir+ CK_MECHANISM_TYPE type 4686*cdf0e10cSrcweir+) { 4687*cdf0e10cSrcweir+ xmlSecAssert2( keySlot != NULL , 0 ) ; 4688*cdf0e10cSrcweir+ xmlSecAssert2( keySlot->slot != NULL , 0 ) ; 4689*cdf0e10cSrcweir+ xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ; 4690*cdf0e10cSrcweir+ 4691*cdf0e10cSrcweir+ if( PK11_DoesMechanism( keySlot->slot , type ) == PR_TRUE ) { 4692*cdf0e10cSrcweir+ return(1); 4693*cdf0e10cSrcweir+ } else 4694*cdf0e10cSrcweir+ return(0); 4695*cdf0e10cSrcweir+} 4696*cdf0e10cSrcweir+ 4697*cdf0e10cSrcweir+void 4698*cdf0e10cSrcweir+xmlSecNssKeySlotDebugDump( 4699*cdf0e10cSrcweir+ xmlSecNssKeySlotPtr keySlot , 4700*cdf0e10cSrcweir+ FILE* output 4701*cdf0e10cSrcweir+) { 4702*cdf0e10cSrcweir+ xmlSecAssert( keySlot != NULL ) ; 4703*cdf0e10cSrcweir+ xmlSecAssert( output != NULL ) ; 4704*cdf0e10cSrcweir+ 4705*cdf0e10cSrcweir+ fprintf( output, "== KEY SLOT\n" ); 4706*cdf0e10cSrcweir+} 4707*cdf0e10cSrcweir+ 4708*cdf0e10cSrcweir+void 4709*cdf0e10cSrcweir+xmlSecNssKeySlotDebugXmlDump( 4710*cdf0e10cSrcweir+ xmlSecNssKeySlotPtr keySlot , 4711*cdf0e10cSrcweir+ FILE* output 4712*cdf0e10cSrcweir+) { 4713*cdf0e10cSrcweir+} 4714*cdf0e10cSrcweir+ 4715*cdf0e10cSrcweir+/** 4716*cdf0e10cSrcweir+ * Key Slot List 4717*cdf0e10cSrcweir+ */ 4718*cdf0e10cSrcweir+#ifdef __MINGW32__ // for runtime-pseudo-reloc 4719*cdf0e10cSrcweir+static struct _xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = { 4720*cdf0e10cSrcweir+#else 4721*cdf0e10cSrcweir+static xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = { 4722*cdf0e10cSrcweir+#endif 4723*cdf0e10cSrcweir+ BAD_CAST "mechanism-list", 4724*cdf0e10cSrcweir+ (xmlSecPtrDuplicateItemMethod)xmlSecNssKeySlotDuplicate, 4725*cdf0e10cSrcweir+ (xmlSecPtrDestroyItemMethod)xmlSecNssKeySlotDestroy, 4726*cdf0e10cSrcweir+ (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugDump, 4727*cdf0e10cSrcweir+ (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugXmlDump, 4728*cdf0e10cSrcweir+}; 4729*cdf0e10cSrcweir+ 4730*cdf0e10cSrcweir+xmlSecPtrListId 4731*cdf0e10cSrcweir+xmlSecNssKeySlotListGetKlass(void) { 4732*cdf0e10cSrcweir+ return(&xmlSecNssKeySlotPtrListKlass); 4733*cdf0e10cSrcweir+} 4734*cdf0e10cSrcweir+ 4735*cdf0e10cSrcweir+ 4736*cdf0e10cSrcweir+/*- 4737*cdf0e10cSrcweir+ * Global PKCS#11 crypto token repository -- Key slot list 4738*cdf0e10cSrcweir+ */ 4739*cdf0e10cSrcweir+static xmlSecPtrListPtr _xmlSecNssKeySlotList = NULL ; 4740*cdf0e10cSrcweir+ 4741*cdf0e10cSrcweir+PK11SlotInfo* 4742*cdf0e10cSrcweir+xmlSecNssSlotGet( 4743*cdf0e10cSrcweir+ CK_MECHANISM_TYPE type 4744*cdf0e10cSrcweir+) { 4745*cdf0e10cSrcweir+ PK11SlotInfo* slot = NULL ; 4746*cdf0e10cSrcweir+ xmlSecNssKeySlotPtr keySlot ; 4747*cdf0e10cSrcweir+ xmlSecSize ksSize ; 4748*cdf0e10cSrcweir+ xmlSecSize ksPos ; 4749*cdf0e10cSrcweir+ char flag ; 4750*cdf0e10cSrcweir+ 4751*cdf0e10cSrcweir+ if( _xmlSecNssKeySlotList == NULL ) { 4752*cdf0e10cSrcweir+ slot = PK11_GetBestSlot( type , NULL ) ; 4753*cdf0e10cSrcweir+ } else { 4754*cdf0e10cSrcweir+ ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ; 4755*cdf0e10cSrcweir+ 4756*cdf0e10cSrcweir+ /*- 4757*cdf0e10cSrcweir+ * Firstly, checking whether the mechanism is bound with a special slot. 4758*cdf0e10cSrcweir+ * If no bound slot, we try to find the first eligible slot in the list. 4759*cdf0e10cSrcweir+ */ 4760*cdf0e10cSrcweir+ for( flag = 0, ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) { 4761*cdf0e10cSrcweir+ keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ; 4762*cdf0e10cSrcweir+ if( keySlot != NULL && xmlSecNssKeySlotBindMech( keySlot, type ) ) { 4763*cdf0e10cSrcweir+ slot = xmlSecNssKeySlotGetSlot( keySlot ) ; 4764*cdf0e10cSrcweir+ flag = 2 ; 4765*cdf0e10cSrcweir+ } else if( flag == 0 && xmlSecNssKeySlotSupportMech( keySlot, type ) ) { 4766*cdf0e10cSrcweir+ slot = xmlSecNssKeySlotGetSlot( keySlot ) ; 4767*cdf0e10cSrcweir+ flag = 1 ; 4768*cdf0e10cSrcweir+ } 4769*cdf0e10cSrcweir+ 4770*cdf0e10cSrcweir+ if( flag == 2 ) 4771*cdf0e10cSrcweir+ break ; 4772*cdf0e10cSrcweir+ } 4773*cdf0e10cSrcweir+ if( slot != NULL ) 4774*cdf0e10cSrcweir+ slot = PK11_ReferenceSlot( slot ) ; 4775*cdf0e10cSrcweir+ } 4776*cdf0e10cSrcweir+ 4777*cdf0e10cSrcweir+ if( slot != NULL && PK11_NeedLogin( slot ) ) { 4778*cdf0e10cSrcweir+ if( PK11_Authenticate( slot , PR_TRUE , NULL ) != SECSuccess ) { 4779*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 4780*cdf0e10cSrcweir+ NULL , 4781*cdf0e10cSrcweir+ NULL , 4782*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 4783*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 4784*cdf0e10cSrcweir+ PK11_FreeSlot( slot ) ; 4785*cdf0e10cSrcweir+ return( NULL ); 4786*cdf0e10cSrcweir+ } 4787*cdf0e10cSrcweir+ } 4788*cdf0e10cSrcweir+ 4789*cdf0e10cSrcweir+ return slot ; 4790*cdf0e10cSrcweir+} 4791*cdf0e10cSrcweir+ 4792*cdf0e10cSrcweir+int 4793*cdf0e10cSrcweir+xmlSecNssSlotInitialize( 4794*cdf0e10cSrcweir+ void 4795*cdf0e10cSrcweir+) { 4796*cdf0e10cSrcweir+ if( _xmlSecNssKeySlotList != NULL ) { 4797*cdf0e10cSrcweir+ xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ; 4798*cdf0e10cSrcweir+ _xmlSecNssKeySlotList = NULL ; 4799*cdf0e10cSrcweir+ } 4800*cdf0e10cSrcweir+ 4801*cdf0e10cSrcweir+ _xmlSecNssKeySlotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ; 4802*cdf0e10cSrcweir+ if( _xmlSecNssKeySlotList == NULL ) { 4803*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 4804*cdf0e10cSrcweir+ NULL , 4805*cdf0e10cSrcweir+ NULL , 4806*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 4807*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 4808*cdf0e10cSrcweir+ return( -1 ); 4809*cdf0e10cSrcweir+ } 4810*cdf0e10cSrcweir+ 4811*cdf0e10cSrcweir+ return(0); 4812*cdf0e10cSrcweir+} 4813*cdf0e10cSrcweir+ 4814*cdf0e10cSrcweir+void 4815*cdf0e10cSrcweir+xmlSecNssSlotShutdown( 4816*cdf0e10cSrcweir+ void 4817*cdf0e10cSrcweir+) { 4818*cdf0e10cSrcweir+ if( _xmlSecNssKeySlotList != NULL ) { 4819*cdf0e10cSrcweir+ xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ; 4820*cdf0e10cSrcweir+ _xmlSecNssKeySlotList = NULL ; 4821*cdf0e10cSrcweir+ } 4822*cdf0e10cSrcweir+} 4823*cdf0e10cSrcweir+ 4824*cdf0e10cSrcweir+int 4825*cdf0e10cSrcweir+xmlSecNssSlotAdopt( 4826*cdf0e10cSrcweir+ PK11SlotInfo* slot, 4827*cdf0e10cSrcweir+ CK_MECHANISM_TYPE type 4828*cdf0e10cSrcweir+) { 4829*cdf0e10cSrcweir+ xmlSecNssKeySlotPtr keySlot ; 4830*cdf0e10cSrcweir+ xmlSecSize ksSize ; 4831*cdf0e10cSrcweir+ xmlSecSize ksPos ; 4832*cdf0e10cSrcweir+ char flag ; 4833*cdf0e10cSrcweir+ 4834*cdf0e10cSrcweir+ xmlSecAssert2( _xmlSecNssKeySlotList != NULL, -1 ) ; 4835*cdf0e10cSrcweir+ xmlSecAssert2( slot != NULL, -1 ) ; 4836*cdf0e10cSrcweir+ 4837*cdf0e10cSrcweir+ ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ; 4838*cdf0e10cSrcweir+ 4839*cdf0e10cSrcweir+ /*- 4840*cdf0e10cSrcweir+ * Firstly, checking whether the slot is in the repository already. 4841*cdf0e10cSrcweir+ */ 4842*cdf0e10cSrcweir+ flag = 0 ; 4843*cdf0e10cSrcweir+ for( ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) { 4844*cdf0e10cSrcweir+ keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ; 4845*cdf0e10cSrcweir+ /* If find the slot in the list */ 4846*cdf0e10cSrcweir+ if( keySlot != NULL && xmlSecNssKeySlotGetSlot( keySlot ) == slot ) { 4847*cdf0e10cSrcweir+ /* If mechnism type is valid, bind the slot with the mechanism */ 4848*cdf0e10cSrcweir+ if( type != CKM_INVALID_MECHANISM ) { 4849*cdf0e10cSrcweir+ if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) { 4850*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 4851*cdf0e10cSrcweir+ NULL , 4852*cdf0e10cSrcweir+ NULL , 4853*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 4854*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 4855*cdf0e10cSrcweir+ return(-1); 4856*cdf0e10cSrcweir+ } 4857*cdf0e10cSrcweir+ } 4858*cdf0e10cSrcweir+ 4859*cdf0e10cSrcweir+ flag = 1 ; 4860*cdf0e10cSrcweir+ } 4861*cdf0e10cSrcweir+ } 4862*cdf0e10cSrcweir+ 4863*cdf0e10cSrcweir+ /* If the slot do not in the list, add a new item to the list */ 4864*cdf0e10cSrcweir+ if( flag == 0 ) { 4865*cdf0e10cSrcweir+ /* Create a new KeySlot */ 4866*cdf0e10cSrcweir+ keySlot = xmlSecNssKeySlotCreate() ; 4867*cdf0e10cSrcweir+ if( keySlot == NULL ) { 4868*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 4869*cdf0e10cSrcweir+ NULL , 4870*cdf0e10cSrcweir+ NULL , 4871*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 4872*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 4873*cdf0e10cSrcweir+ return(-1); 4874*cdf0e10cSrcweir+ } 4875*cdf0e10cSrcweir+ 4876*cdf0e10cSrcweir+ /* Initialize the keySlot with a slot */ 4877*cdf0e10cSrcweir+ if( xmlSecNssKeySlotInitialize( keySlot, slot ) < 0 ) { 4878*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 4879*cdf0e10cSrcweir+ NULL , 4880*cdf0e10cSrcweir+ NULL , 4881*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 4882*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 4883*cdf0e10cSrcweir+ xmlSecNssKeySlotDestroy( keySlot ) ; 4884*cdf0e10cSrcweir+ return(-1); 4885*cdf0e10cSrcweir+ } 4886*cdf0e10cSrcweir+ 4887*cdf0e10cSrcweir+ /* If mechnism type is valid, bind the slot with the mechanism */ 4888*cdf0e10cSrcweir+ if( type != CKM_INVALID_MECHANISM ) { 4889*cdf0e10cSrcweir+ if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) { 4890*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 4891*cdf0e10cSrcweir+ NULL , 4892*cdf0e10cSrcweir+ NULL , 4893*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 4894*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 4895*cdf0e10cSrcweir+ xmlSecNssKeySlotDestroy( keySlot ) ; 4896*cdf0e10cSrcweir+ return(-1); 4897*cdf0e10cSrcweir+ } 4898*cdf0e10cSrcweir+ } 4899*cdf0e10cSrcweir+ 4900*cdf0e10cSrcweir+ /* Add keySlot into the list */ 4901*cdf0e10cSrcweir+ if( xmlSecPtrListAdd( _xmlSecNssKeySlotList, keySlot ) < 0 ) { 4902*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 4903*cdf0e10cSrcweir+ NULL , 4904*cdf0e10cSrcweir+ NULL , 4905*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 4906*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 4907*cdf0e10cSrcweir+ xmlSecNssKeySlotDestroy( keySlot ) ; 4908*cdf0e10cSrcweir+ return(-1); 4909*cdf0e10cSrcweir+ } 4910*cdf0e10cSrcweir+ } 4911*cdf0e10cSrcweir+ 4912*cdf0e10cSrcweir+ return(0); 4913*cdf0e10cSrcweir+} 4914*cdf0e10cSrcweir+ 4915*cdf0e10cSrcweir--- misc/xmlsec1-1.2.14/src/nss/x509.c 2009-06-25 22:53:18.000000000 +0200 4916*cdf0e10cSrcweir+++ misc/build/xmlsec1-1.2.14/src/nss/x509.c 2009-09-21 14:02:48.642312431 +0200 4917*cdf0e10cSrcweir@@ -34,7 +34,6 @@ 4918*cdf0e10cSrcweir #include <xmlsec/keys.h> 4919*cdf0e10cSrcweir #include <xmlsec/keyinfo.h> 4920*cdf0e10cSrcweir #include <xmlsec/keysmngr.h> 4921*cdf0e10cSrcweir-#include <xmlsec/x509.h> 4922*cdf0e10cSrcweir #include <xmlsec/base64.h> 4923*cdf0e10cSrcweir #include <xmlsec/errors.h> 4924*cdf0e10cSrcweir 4925*cdf0e10cSrcweir@@ -61,33 +60,18 @@ 4926*cdf0e10cSrcweir static int xmlSecNssX509CertificateNodeRead (xmlSecKeyDataPtr data, 4927*cdf0e10cSrcweir xmlNodePtr node, 4928*cdf0e10cSrcweir xmlSecKeyInfoCtxPtr keyInfoCtx); 4929*cdf0e10cSrcweir-static int xmlSecNssX509CertificateNodeWrite (CERTCertificate* cert, 4930*cdf0e10cSrcweir- xmlNodePtr node, 4931*cdf0e10cSrcweir- xmlSecKeyInfoCtxPtr keyInfoCtx); 4932*cdf0e10cSrcweir static int xmlSecNssX509SubjectNameNodeRead (xmlSecKeyDataPtr data, 4933*cdf0e10cSrcweir xmlNodePtr node, 4934*cdf0e10cSrcweir xmlSecKeyInfoCtxPtr keyInfoCtx); 4935*cdf0e10cSrcweir-static int xmlSecNssX509SubjectNameNodeWrite (CERTCertificate* cert, 4936*cdf0e10cSrcweir- xmlNodePtr node, 4937*cdf0e10cSrcweir- xmlSecKeyInfoCtxPtr keyInfoCtx); 4938*cdf0e10cSrcweir static int xmlSecNssX509IssuerSerialNodeRead (xmlSecKeyDataPtr data, 4939*cdf0e10cSrcweir xmlNodePtr node, 4940*cdf0e10cSrcweir xmlSecKeyInfoCtxPtr keyInfoCtx); 4941*cdf0e10cSrcweir-static int xmlSecNssX509IssuerSerialNodeWrite (CERTCertificate* cert, 4942*cdf0e10cSrcweir- xmlNodePtr node, 4943*cdf0e10cSrcweir- xmlSecKeyInfoCtxPtr keyInfoCtx); 4944*cdf0e10cSrcweir static int xmlSecNssX509SKINodeRead (xmlSecKeyDataPtr data, 4945*cdf0e10cSrcweir xmlNodePtr node, 4946*cdf0e10cSrcweir xmlSecKeyInfoCtxPtr keyInfoCtx); 4947*cdf0e10cSrcweir-static int xmlSecNssX509SKINodeWrite (CERTCertificate* cert, 4948*cdf0e10cSrcweir- xmlNodePtr node, 4949*cdf0e10cSrcweir- xmlSecKeyInfoCtxPtr keyInfoCtx); 4950*cdf0e10cSrcweir static int xmlSecNssX509CRLNodeRead (xmlSecKeyDataPtr data, 4951*cdf0e10cSrcweir xmlNodePtr node, 4952*cdf0e10cSrcweir xmlSecKeyInfoCtxPtr keyInfoCtx); 4953*cdf0e10cSrcweir-static int xmlSecNssX509CRLNodeWrite (CERTSignedCrl* crl, 4954*cdf0e10cSrcweir- xmlNodePtr node, 4955*cdf0e10cSrcweir- xmlSecKeyInfoCtxPtr keyInfoCtx); 4956*cdf0e10cSrcweir static int xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, 4957*cdf0e10cSrcweir xmlSecKeyPtr key, 4958*cdf0e10cSrcweir xmlSecKeyInfoCtxPtr keyInfoCtx); 4959*cdf0e10cSrcweir@@ -104,9 +88,6 @@ 4960*cdf0e10cSrcweir xmlSecKeyInfoCtxPtr keyInfoCtx); 4961*cdf0e10cSrcweir static xmlChar* xmlSecNssX509CrlBase64DerWrite (CERTSignedCrl* crl, 4962*cdf0e10cSrcweir int base64LineWrap); 4963*cdf0e10cSrcweir-static xmlChar* xmlSecNssX509NameWrite (CERTName* nm); 4964*cdf0e10cSrcweir-static xmlChar* xmlSecNssASN1IntegerWrite (SECItem *num); 4965*cdf0e10cSrcweir-static xmlChar* xmlSecNssX509SKIWrite (CERTCertificate* cert); 4966*cdf0e10cSrcweir static void xmlSecNssX509CertDebugDump (CERTCertificate* cert, 4967*cdf0e10cSrcweir FILE* output); 4968*cdf0e10cSrcweir static void xmlSecNssX509CertDebugXmlDump (CERTCertificate* cert, 4969*cdf0e10cSrcweir@@ -752,31 +733,22 @@ 4970*cdf0e10cSrcweir xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, 4971*cdf0e10cSrcweir xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { 4972*cdf0e10cSrcweir xmlSecKeyDataPtr data; 4973*cdf0e10cSrcweir+ xmlNodePtr cur; 4974*cdf0e10cSrcweir+ xmlChar* buf; 4975*cdf0e10cSrcweir CERTCertificate* cert; 4976*cdf0e10cSrcweir CERTSignedCrl* crl; 4977*cdf0e10cSrcweir xmlSecSize size, pos; 4978*cdf0e10cSrcweir- int content = 0; 4979*cdf0e10cSrcweir- int ret; 4980*cdf0e10cSrcweir 4981*cdf0e10cSrcweir xmlSecAssert2(id == xmlSecNssKeyDataX509Id, -1); 4982*cdf0e10cSrcweir xmlSecAssert2(key != NULL, -1); 4983*cdf0e10cSrcweir xmlSecAssert2(node != NULL, -1); 4984*cdf0e10cSrcweir xmlSecAssert2(keyInfoCtx != NULL, -1); 4985*cdf0e10cSrcweir 4986*cdf0e10cSrcweir- content = xmlSecX509DataGetNodeContent (node, 1, keyInfoCtx); 4987*cdf0e10cSrcweir- if (content < 0) { 4988*cdf0e10cSrcweir- xmlSecError(XMLSEC_ERRORS_HERE, 4989*cdf0e10cSrcweir- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 4990*cdf0e10cSrcweir- "xmlSecX509DataGetNodeContent", 4991*cdf0e10cSrcweir- XMLSEC_ERRORS_R_XMLSEC_FAILED, 4992*cdf0e10cSrcweir- "content=%d", content); 4993*cdf0e10cSrcweir- return(-1); 4994*cdf0e10cSrcweir- } else if(content == 0) { 4995*cdf0e10cSrcweir- /* by default we are writing certificates and crls */ 4996*cdf0e10cSrcweir- content = XMLSEC_X509DATA_DEFAULT; 4997*cdf0e10cSrcweir+ /* todo: flag in ctx remove all existing content */ 4998*cdf0e10cSrcweir+ if(0) { 4999*cdf0e10cSrcweir+ xmlNodeSetContent(node, NULL); 5000*cdf0e10cSrcweir } 5001*cdf0e10cSrcweir 5002*cdf0e10cSrcweir- /* get x509 data */ 5003*cdf0e10cSrcweir data = xmlSecKeyGetData(key, id); 5004*cdf0e10cSrcweir if(data == NULL) { 5005*cdf0e10cSrcweir /* no x509 data in the key */ 5006*cdf0e10cSrcweir@@ -796,79 +768,74 @@ 5007*cdf0e10cSrcweir return(-1); 5008*cdf0e10cSrcweir } 5009*cdf0e10cSrcweir 5010*cdf0e10cSrcweir- if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) { 5011*cdf0e10cSrcweir- ret = xmlSecNssX509CertificateNodeWrite(cert, node, keyInfoCtx); 5012*cdf0e10cSrcweir- if(ret < 0) { 5013*cdf0e10cSrcweir+ /* set base64 lines size from context */ 5014*cdf0e10cSrcweir+ buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize); 5015*cdf0e10cSrcweir+ if(buf == NULL) { 5016*cdf0e10cSrcweir xmlSecError(XMLSEC_ERRORS_HERE, 5017*cdf0e10cSrcweir xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 5018*cdf0e10cSrcweir- "xmlSecNssX509CertificateNodeWrite", 5019*cdf0e10cSrcweir+ "xmlSecNssX509CertBase64DerWrite", 5020*cdf0e10cSrcweir XMLSEC_ERRORS_R_XMLSEC_FAILED, 5021*cdf0e10cSrcweir- "pos=%d", pos); 5022*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE); 5023*cdf0e10cSrcweir return(-1); 5024*cdf0e10cSrcweir- } 5025*cdf0e10cSrcweir } 5026*cdf0e10cSrcweir 5027*cdf0e10cSrcweir- if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) { 5028*cdf0e10cSrcweir- ret = xmlSecNssX509SubjectNameNodeWrite(cert, node, keyInfoCtx); 5029*cdf0e10cSrcweir- if(ret < 0) { 5030*cdf0e10cSrcweir+ cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs); 5031*cdf0e10cSrcweir+ if(cur == NULL) { 5032*cdf0e10cSrcweir xmlSecError(XMLSEC_ERRORS_HERE, 5033*cdf0e10cSrcweir xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 5034*cdf0e10cSrcweir- "xmlSecNssX509SubjectNameNodeWrite", 5035*cdf0e10cSrcweir+ "xmlSecAddChild", 5036*cdf0e10cSrcweir XMLSEC_ERRORS_R_XMLSEC_FAILED, 5037*cdf0e10cSrcweir- "pos=%d", pos); 5038*cdf0e10cSrcweir+ "node=%s", 5039*cdf0e10cSrcweir+ xmlSecErrorsSafeString(xmlSecNodeX509Certificate)); 5040*cdf0e10cSrcweir+ xmlFree(buf); 5041*cdf0e10cSrcweir return(-1); 5042*cdf0e10cSrcweir- } 5043*cdf0e10cSrcweir } 5044*cdf0e10cSrcweir+ /* todo: add \n around base64 data - from context */ 5045*cdf0e10cSrcweir+ /* todo: add errors check */ 5046*cdf0e10cSrcweir+ xmlNodeSetContent(cur, xmlSecStringCR); 5047*cdf0e10cSrcweir+ xmlNodeSetContent(cur, buf); 5048*cdf0e10cSrcweir+ xmlFree(buf); 5049*cdf0e10cSrcweir+ } 5050*cdf0e10cSrcweir 5051*cdf0e10cSrcweir- if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) { 5052*cdf0e10cSrcweir- ret = xmlSecNssX509IssuerSerialNodeWrite(cert, node, keyInfoCtx); 5053*cdf0e10cSrcweir- if(ret < 0) { 5054*cdf0e10cSrcweir- xmlSecError(XMLSEC_ERRORS_HERE, 5055*cdf0e10cSrcweir- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 5056*cdf0e10cSrcweir- "xmlSecNssX509IssuerSerialNodeWrite", 5057*cdf0e10cSrcweir- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5058*cdf0e10cSrcweir- "pos=%d", pos); 5059*cdf0e10cSrcweir- return(-1); 5060*cdf0e10cSrcweir- } 5061*cdf0e10cSrcweir+ /* write crls */ 5062*cdf0e10cSrcweir+ size = xmlSecNssKeyDataX509GetCrlsSize(data); 5063*cdf0e10cSrcweir+ for(pos = 0; pos < size; ++pos) { 5064*cdf0e10cSrcweir+ crl = xmlSecNssKeyDataX509GetCrl(data, pos); 5065*cdf0e10cSrcweir+ if(crl == NULL) { 5066*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 5067*cdf0e10cSrcweir+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 5068*cdf0e10cSrcweir+ "xmlSecNssKeyDataX509GetCrl", 5069*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 5070*cdf0e10cSrcweir+ "pos=%d", pos); 5071*cdf0e10cSrcweir+ return(-1); 5072*cdf0e10cSrcweir } 5073*cdf0e10cSrcweir 5074*cdf0e10cSrcweir- if((content & XMLSEC_X509DATA_SKI_NODE) != 0) { 5075*cdf0e10cSrcweir- ret = xmlSecNssX509SKINodeWrite(cert, node, keyInfoCtx); 5076*cdf0e10cSrcweir- if(ret < 0) { 5077*cdf0e10cSrcweir- xmlSecError(XMLSEC_ERRORS_HERE, 5078*cdf0e10cSrcweir- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 5079*cdf0e10cSrcweir- "xmlSecNssX509SKINodeWrite", 5080*cdf0e10cSrcweir- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5081*cdf0e10cSrcweir- "pos=%d", pos); 5082*cdf0e10cSrcweir- return(-1); 5083*cdf0e10cSrcweir- } 5084*cdf0e10cSrcweir+ /* set base64 lines size from context */ 5085*cdf0e10cSrcweir+ buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize); 5086*cdf0e10cSrcweir+ if(buf == NULL) { 5087*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 5088*cdf0e10cSrcweir+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 5089*cdf0e10cSrcweir+ "xmlSecNssX509CrlBase64DerWrite", 5090*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 5091*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE); 5092*cdf0e10cSrcweir+ return(-1); 5093*cdf0e10cSrcweir } 5094*cdf0e10cSrcweir- } 5095*cdf0e10cSrcweir 5096*cdf0e10cSrcweir- /* write crls if needed */ 5097*cdf0e10cSrcweir- if((content & XMLSEC_X509DATA_CRL_NODE) != 0) { 5098*cdf0e10cSrcweir- size = xmlSecNssKeyDataX509GetCrlsSize(data); 5099*cdf0e10cSrcweir- for(pos = 0; pos < size; ++pos) { 5100*cdf0e10cSrcweir- crl = xmlSecNssKeyDataX509GetCrl(data, pos); 5101*cdf0e10cSrcweir- if(crl == NULL) { 5102*cdf0e10cSrcweir- xmlSecError(XMLSEC_ERRORS_HERE, 5103*cdf0e10cSrcweir- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 5104*cdf0e10cSrcweir- "xmlSecNssKeyDataX509GetCrl", 5105*cdf0e10cSrcweir- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5106*cdf0e10cSrcweir- "pos=%d", pos); 5107*cdf0e10cSrcweir- return(-1); 5108*cdf0e10cSrcweir- } 5109*cdf0e10cSrcweir- 5110*cdf0e10cSrcweir- ret = xmlSecNssX509CRLNodeWrite(crl, node, keyInfoCtx); 5111*cdf0e10cSrcweir- if(ret < 0) { 5112*cdf0e10cSrcweir- xmlSecError(XMLSEC_ERRORS_HERE, 5113*cdf0e10cSrcweir- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 5114*cdf0e10cSrcweir- "xmlSecNssX509CRLNodeWrite", 5115*cdf0e10cSrcweir- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5116*cdf0e10cSrcweir- "pos=%d", pos); 5117*cdf0e10cSrcweir- return(-1); 5118*cdf0e10cSrcweir- } 5119*cdf0e10cSrcweir- } 5120*cdf0e10cSrcweir+ cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs); 5121*cdf0e10cSrcweir+ if(cur == NULL) { 5122*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 5123*cdf0e10cSrcweir+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 5124*cdf0e10cSrcweir+ "xmlSecAddChild", 5125*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 5126*cdf0e10cSrcweir+ "new_node=%s", 5127*cdf0e10cSrcweir+ xmlSecErrorsSafeString(xmlSecNodeX509CRL)); 5128*cdf0e10cSrcweir+ xmlFree(buf); 5129*cdf0e10cSrcweir+ return(-1); 5130*cdf0e10cSrcweir+ } 5131*cdf0e10cSrcweir+ /* todo: add \n around base64 data - from context */ 5132*cdf0e10cSrcweir+ /* todo: add errors check */ 5133*cdf0e10cSrcweir+ xmlNodeSetContent(cur, xmlSecStringCR); 5134*cdf0e10cSrcweir+ xmlNodeSetContent(cur, buf); 5135*cdf0e10cSrcweir } 5136*cdf0e10cSrcweir 5137*cdf0e10cSrcweir return(0); 5138*cdf0e10cSrcweir@@ -1057,46 +1024,6 @@ 5139*cdf0e10cSrcweir return(0); 5140*cdf0e10cSrcweir } 5141*cdf0e10cSrcweir 5142*cdf0e10cSrcweir-static int 5143*cdf0e10cSrcweir-xmlSecNssX509CertificateNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { 5144*cdf0e10cSrcweir- xmlChar* buf; 5145*cdf0e10cSrcweir- xmlNodePtr cur; 5146*cdf0e10cSrcweir- 5147*cdf0e10cSrcweir- xmlSecAssert2(cert != NULL, -1); 5148*cdf0e10cSrcweir- xmlSecAssert2(node != NULL, -1); 5149*cdf0e10cSrcweir- xmlSecAssert2(keyInfoCtx != NULL, -1); 5150*cdf0e10cSrcweir- 5151*cdf0e10cSrcweir- /* set base64 lines size from context */ 5152*cdf0e10cSrcweir- buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize); 5153*cdf0e10cSrcweir- if(buf == NULL) { 5154*cdf0e10cSrcweir- xmlSecError(XMLSEC_ERRORS_HERE, 5155*cdf0e10cSrcweir- NULL, 5156*cdf0e10cSrcweir- "xmlSecNssX509CertBase64DerWrite", 5157*cdf0e10cSrcweir- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5158*cdf0e10cSrcweir- XMLSEC_ERRORS_NO_MESSAGE); 5159*cdf0e10cSrcweir- return(-1); 5160*cdf0e10cSrcweir- } 5161*cdf0e10cSrcweir- 5162*cdf0e10cSrcweir- cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs); 5163*cdf0e10cSrcweir- if(cur == NULL) { 5164*cdf0e10cSrcweir- xmlSecError(XMLSEC_ERRORS_HERE, 5165*cdf0e10cSrcweir- NULL, 5166*cdf0e10cSrcweir- "xmlSecAddChild", 5167*cdf0e10cSrcweir- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5168*cdf0e10cSrcweir- "node=%s", 5169*cdf0e10cSrcweir- xmlSecErrorsSafeString(xmlSecNodeX509Certificate)); 5170*cdf0e10cSrcweir- xmlFree(buf); 5171*cdf0e10cSrcweir- return(-1); 5172*cdf0e10cSrcweir- } 5173*cdf0e10cSrcweir- 5174*cdf0e10cSrcweir- /* todo: add \n around base64 data - from context */ 5175*cdf0e10cSrcweir- /* todo: add errors check */ 5176*cdf0e10cSrcweir- xmlNodeSetContent(cur, xmlSecStringCR); 5177*cdf0e10cSrcweir- xmlNodeSetContent(cur, buf); 5178*cdf0e10cSrcweir- xmlFree(buf); 5179*cdf0e10cSrcweir- return(0); 5180*cdf0e10cSrcweir-} 5181*cdf0e10cSrcweir- 5182*cdf0e10cSrcweir static int 5183*cdf0e10cSrcweir xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { 5184*cdf0e10cSrcweir xmlSecKeyDataStorePtr x509Store; 5185*cdf0e10cSrcweir@@ -1120,19 +1047,13 @@ 5186*cdf0e10cSrcweir } 5187*cdf0e10cSrcweir 5188*cdf0e10cSrcweir subject = xmlNodeGetContent(node); 5189*cdf0e10cSrcweir- if((subject == NULL) || (xmlSecIsEmptyString(subject) == 1)) { 5190*cdf0e10cSrcweir- if(subject != NULL) { 5191*cdf0e10cSrcweir- xmlFree(subject); 5192*cdf0e10cSrcweir- } 5193*cdf0e10cSrcweir- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { 5194*cdf0e10cSrcweir+ if(subject == NULL) { 5195*cdf0e10cSrcweir xmlSecError(XMLSEC_ERRORS_HERE, 5196*cdf0e10cSrcweir xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), 5197*cdf0e10cSrcweir xmlSecErrorsSafeString(xmlSecNodeGetName(node)), 5198*cdf0e10cSrcweir XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, 5199*cdf0e10cSrcweir XMLSEC_ERRORS_NO_MESSAGE); 5200*cdf0e10cSrcweir return(-1); 5201*cdf0e10cSrcweir- } 5202*cdf0e10cSrcweir- return(0); 5203*cdf0e10cSrcweir } 5204*cdf0e10cSrcweir 5205*cdf0e10cSrcweir cert = xmlSecNssX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx); 5206*cdf0e10cSrcweir@@ -1169,40 +1090,6 @@ 5207*cdf0e10cSrcweir return(0); 5208*cdf0e10cSrcweir } 5209*cdf0e10cSrcweir 5210*cdf0e10cSrcweir-static int 5211*cdf0e10cSrcweir-xmlSecNssX509SubjectNameNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { 5212*cdf0e10cSrcweir- xmlChar* buf = NULL; 5213*cdf0e10cSrcweir- xmlNodePtr cur = NULL; 5214*cdf0e10cSrcweir- 5215*cdf0e10cSrcweir- xmlSecAssert2(cert != NULL, -1); 5216*cdf0e10cSrcweir- xmlSecAssert2(node != NULL, -1); 5217*cdf0e10cSrcweir- 5218*cdf0e10cSrcweir- buf = xmlSecNssX509NameWrite(&(cert->subject)); 5219*cdf0e10cSrcweir- if(buf == NULL) { 5220*cdf0e10cSrcweir- xmlSecError(XMLSEC_ERRORS_HERE, 5221*cdf0e10cSrcweir- NULL, 5222*cdf0e10cSrcweir- "xmlSecNssX509NameWrite(&(cert->subject))", 5223*cdf0e10cSrcweir- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5224*cdf0e10cSrcweir- XMLSEC_ERRORS_NO_MESSAGE); 5225*cdf0e10cSrcweir- return(-1); 5226*cdf0e10cSrcweir- } 5227*cdf0e10cSrcweir- 5228*cdf0e10cSrcweir- cur = xmlSecAddChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs); 5229*cdf0e10cSrcweir- if(cur == NULL) { 5230*cdf0e10cSrcweir- xmlSecError(XMLSEC_ERRORS_HERE, 5231*cdf0e10cSrcweir- NULL, 5232*cdf0e10cSrcweir- "xmlSecAddChild", 5233*cdf0e10cSrcweir- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5234*cdf0e10cSrcweir- "node=%s", 5235*cdf0e10cSrcweir- xmlSecErrorsSafeString(xmlSecNodeX509SubjectName)); 5236*cdf0e10cSrcweir- xmlFree(buf); 5237*cdf0e10cSrcweir- return(-1); 5238*cdf0e10cSrcweir- } 5239*cdf0e10cSrcweir- xmlSecNodeEncodeAndSetContent(cur, buf); 5240*cdf0e10cSrcweir- xmlFree(buf); 5241*cdf0e10cSrcweir- return(0); 5242*cdf0e10cSrcweir-} 5243*cdf0e10cSrcweir- 5244*cdf0e10cSrcweir static int 5245*cdf0e10cSrcweir xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { 5246*cdf0e10cSrcweir xmlSecKeyDataStorePtr x509Store; 5247*cdf0e10cSrcweir@@ -1228,21 +1115,9 @@ 5248*cdf0e10cSrcweir } 5249*cdf0e10cSrcweir 5250*cdf0e10cSrcweir cur = xmlSecGetNextElementNode(node->children); 5251*cdf0e10cSrcweir- if(cur == NULL) { 5252*cdf0e10cSrcweir- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { 5253*cdf0e10cSrcweir- xmlSecError(XMLSEC_ERRORS_HERE, 5254*cdf0e10cSrcweir- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), 5255*cdf0e10cSrcweir- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), 5256*cdf0e10cSrcweir- XMLSEC_ERRORS_R_NODE_NOT_FOUND, 5257*cdf0e10cSrcweir- "node=%s", 5258*cdf0e10cSrcweir- xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); 5259*cdf0e10cSrcweir- return(-1); 5260*cdf0e10cSrcweir- } 5261*cdf0e10cSrcweir- return(0); 5262*cdf0e10cSrcweir- } 5263*cdf0e10cSrcweir 5264*cdf0e10cSrcweir /* the first is required node X509IssuerName */ 5265*cdf0e10cSrcweir- if(!xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) { 5266*cdf0e10cSrcweir+ if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) { 5267*cdf0e10cSrcweir xmlSecError(XMLSEC_ERRORS_HERE, 5268*cdf0e10cSrcweir xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), 5269*cdf0e10cSrcweir xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), 5270*cdf0e10cSrcweir@@ -1336,78 +1211,6 @@ 5271*cdf0e10cSrcweir return(0); 5272*cdf0e10cSrcweir } 5273*cdf0e10cSrcweir 5274*cdf0e10cSrcweir-static int 5275*cdf0e10cSrcweir-xmlSecNssX509IssuerSerialNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { 5276*cdf0e10cSrcweir- xmlNodePtr cur; 5277*cdf0e10cSrcweir- xmlNodePtr issuerNameNode; 5278*cdf0e10cSrcweir- xmlNodePtr issuerNumberNode; 5279*cdf0e10cSrcweir- xmlChar* buf; 5280*cdf0e10cSrcweir- 5281*cdf0e10cSrcweir- xmlSecAssert2(cert != NULL, -1); 5282*cdf0e10cSrcweir- xmlSecAssert2(node != NULL, -1); 5283*cdf0e10cSrcweir- 5284*cdf0e10cSrcweir- /* create xml nodes */ 5285*cdf0e10cSrcweir- cur = xmlSecAddChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs); 5286*cdf0e10cSrcweir- if(cur == NULL) { 5287*cdf0e10cSrcweir- xmlSecError(XMLSEC_ERRORS_HERE, 5288*cdf0e10cSrcweir- NULL, 5289*cdf0e10cSrcweir- "xmlSecAddChild", 5290*cdf0e10cSrcweir- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5291*cdf0e10cSrcweir- "node=%s", 5292*cdf0e10cSrcweir- xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial)); 5293*cdf0e10cSrcweir- return(-1); 5294*cdf0e10cSrcweir- } 5295*cdf0e10cSrcweir- 5296*cdf0e10cSrcweir- issuerNameNode = xmlSecAddChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs); 5297*cdf0e10cSrcweir- if(issuerNameNode == NULL) { 5298*cdf0e10cSrcweir- xmlSecError(XMLSEC_ERRORS_HERE, 5299*cdf0e10cSrcweir- NULL, 5300*cdf0e10cSrcweir- "xmlSecAddChild", 5301*cdf0e10cSrcweir- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5302*cdf0e10cSrcweir- "node=%s", 5303*cdf0e10cSrcweir- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName)); 5304*cdf0e10cSrcweir- return(-1); 5305*cdf0e10cSrcweir- } 5306*cdf0e10cSrcweir- 5307*cdf0e10cSrcweir- issuerNumberNode = xmlSecAddChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs); 5308*cdf0e10cSrcweir- if(issuerNumberNode == NULL) { 5309*cdf0e10cSrcweir- xmlSecError(XMLSEC_ERRORS_HERE, 5310*cdf0e10cSrcweir- NULL, 5311*cdf0e10cSrcweir- "xmlSecAddChild", 5312*cdf0e10cSrcweir- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5313*cdf0e10cSrcweir- "node=%s", 5314*cdf0e10cSrcweir- xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber)); 5315*cdf0e10cSrcweir- return(-1); 5316*cdf0e10cSrcweir- } 5317*cdf0e10cSrcweir- 5318*cdf0e10cSrcweir- /* write data */ 5319*cdf0e10cSrcweir- buf = xmlSecNssX509NameWrite(&(cert->issuer)); 5320*cdf0e10cSrcweir- if(buf == NULL) { 5321*cdf0e10cSrcweir- xmlSecError(XMLSEC_ERRORS_HERE, 5322*cdf0e10cSrcweir- NULL, 5323*cdf0e10cSrcweir- "xmlSecNssX509NameWrite(&(cert->issuer))", 5324*cdf0e10cSrcweir- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5325*cdf0e10cSrcweir- XMLSEC_ERRORS_NO_MESSAGE); 5326*cdf0e10cSrcweir- return(-1); 5327*cdf0e10cSrcweir- } 5328*cdf0e10cSrcweir- xmlSecNodeEncodeAndSetContent(issuerNameNode, buf); 5329*cdf0e10cSrcweir- xmlFree(buf); 5330*cdf0e10cSrcweir- 5331*cdf0e10cSrcweir- buf = xmlSecNssASN1IntegerWrite(&(cert->serialNumber)); 5332*cdf0e10cSrcweir- if(buf == NULL) { 5333*cdf0e10cSrcweir- xmlSecError(XMLSEC_ERRORS_HERE, 5334*cdf0e10cSrcweir- NULL, 5335*cdf0e10cSrcweir- "xmlSecNssASN1IntegerWrite(&(cert->serialNumber))", 5336*cdf0e10cSrcweir- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5337*cdf0e10cSrcweir- XMLSEC_ERRORS_NO_MESSAGE); 5338*cdf0e10cSrcweir- return(-1); 5339*cdf0e10cSrcweir- } 5340*cdf0e10cSrcweir- xmlNodeSetContent(issuerNumberNode, buf); 5341*cdf0e10cSrcweir- xmlFree(buf); 5342*cdf0e10cSrcweir- 5343*cdf0e10cSrcweir- return(0); 5344*cdf0e10cSrcweir-} 5345*cdf0e10cSrcweir- 5346*cdf0e10cSrcweir static int 5347*cdf0e10cSrcweir xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { 5348*cdf0e10cSrcweir xmlSecKeyDataStorePtr x509Store; 5349*cdf0e10cSrcweir@@ -1431,11 +1234,7 @@ 5350*cdf0e10cSrcweir } 5351*cdf0e10cSrcweir 5352*cdf0e10cSrcweir ski = xmlNodeGetContent(node); 5353*cdf0e10cSrcweir- if((ski == NULL) || (xmlSecIsEmptyString(ski) == 1)) { 5354*cdf0e10cSrcweir- if(ski != NULL) { 5355*cdf0e10cSrcweir- xmlFree(ski); 5356*cdf0e10cSrcweir- } 5357*cdf0e10cSrcweir- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { 5358*cdf0e10cSrcweir+ if(ski == NULL) { 5359*cdf0e10cSrcweir xmlSecError(XMLSEC_ERRORS_HERE, 5360*cdf0e10cSrcweir xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), 5361*cdf0e10cSrcweir xmlSecErrorsSafeString(xmlSecNodeGetName(node)), 5362*cdf0e10cSrcweir@@ -1443,8 +1242,6 @@ 5363*cdf0e10cSrcweir "node=%s", 5364*cdf0e10cSrcweir xmlSecErrorsSafeString(xmlSecNodeX509SKI)); 5365*cdf0e10cSrcweir return(-1); 5366*cdf0e10cSrcweir- } 5367*cdf0e10cSrcweir- return(0); 5368*cdf0e10cSrcweir } 5369*cdf0e10cSrcweir 5370*cdf0e10cSrcweir cert = xmlSecNssX509StoreFindCert(x509Store, NULL, NULL, NULL, ski, keyInfoCtx); 5371*cdf0e10cSrcweir@@ -1479,41 +1276,6 @@ 5372*cdf0e10cSrcweir return(0); 5373*cdf0e10cSrcweir } 5374*cdf0e10cSrcweir 5375*cdf0e10cSrcweir-static int 5376*cdf0e10cSrcweir-xmlSecNssX509SKINodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { 5377*cdf0e10cSrcweir- xmlChar *buf = NULL; 5378*cdf0e10cSrcweir- xmlNodePtr cur = NULL; 5379*cdf0e10cSrcweir- 5380*cdf0e10cSrcweir- xmlSecAssert2(cert != NULL, -1); 5381*cdf0e10cSrcweir- xmlSecAssert2(node != NULL, -1); 5382*cdf0e10cSrcweir- 5383*cdf0e10cSrcweir- buf = xmlSecNssX509SKIWrite(cert); 5384*cdf0e10cSrcweir- if(buf == NULL) { 5385*cdf0e10cSrcweir- xmlSecError(XMLSEC_ERRORS_HERE, 5386*cdf0e10cSrcweir- NULL, 5387*cdf0e10cSrcweir- "xmlSecNssX509SKIWrite", 5388*cdf0e10cSrcweir- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5389*cdf0e10cSrcweir- XMLSEC_ERRORS_NO_MESSAGE); 5390*cdf0e10cSrcweir- return(-1); 5391*cdf0e10cSrcweir- } 5392*cdf0e10cSrcweir- 5393*cdf0e10cSrcweir- cur = xmlSecAddChild(node, xmlSecNodeX509SKI, xmlSecDSigNs); 5394*cdf0e10cSrcweir- if(cur == NULL) { 5395*cdf0e10cSrcweir- xmlSecError(XMLSEC_ERRORS_HERE, 5396*cdf0e10cSrcweir- NULL, 5397*cdf0e10cSrcweir- "xmlSecAddChild", 5398*cdf0e10cSrcweir- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5399*cdf0e10cSrcweir- "new_node=%s", 5400*cdf0e10cSrcweir- xmlSecErrorsSafeString(xmlSecNodeX509SKI)); 5401*cdf0e10cSrcweir- xmlFree(buf); 5402*cdf0e10cSrcweir- return(-1); 5403*cdf0e10cSrcweir- } 5404*cdf0e10cSrcweir- xmlSecNodeEncodeAndSetContent(cur, buf); 5405*cdf0e10cSrcweir- xmlFree(buf); 5406*cdf0e10cSrcweir- 5407*cdf0e10cSrcweir- return(0); 5408*cdf0e10cSrcweir-} 5409*cdf0e10cSrcweir- 5410*cdf0e10cSrcweir static int 5411*cdf0e10cSrcweir xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { 5412*cdf0e10cSrcweir xmlChar *content; 5413*cdf0e10cSrcweir@@ -1524,19 +1286,13 @@ 5414*cdf0e10cSrcweir xmlSecAssert2(keyInfoCtx != NULL, -1); 5415*cdf0e10cSrcweir 5416*cdf0e10cSrcweir content = xmlNodeGetContent(node); 5417*cdf0e10cSrcweir- if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) { 5418*cdf0e10cSrcweir- if(content != NULL) { 5419*cdf0e10cSrcweir- xmlFree(content); 5420*cdf0e10cSrcweir- } 5421*cdf0e10cSrcweir- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { 5422*cdf0e10cSrcweir+ if(content == NULL){ 5423*cdf0e10cSrcweir xmlSecError(XMLSEC_ERRORS_HERE, 5424*cdf0e10cSrcweir xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), 5425*cdf0e10cSrcweir xmlSecErrorsSafeString(xmlSecNodeGetName(node)), 5426*cdf0e10cSrcweir XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, 5427*cdf0e10cSrcweir XMLSEC_ERRORS_NO_MESSAGE); 5428*cdf0e10cSrcweir return(-1); 5429*cdf0e10cSrcweir- } 5430*cdf0e10cSrcweir- return(0); 5431*cdf0e10cSrcweir } 5432*cdf0e10cSrcweir 5433*cdf0e10cSrcweir crl = xmlSecNssX509CrlBase64DerRead(content, keyInfoCtx); 5434*cdf0e10cSrcweir@@ -1556,47 +1312,6 @@ 5435*cdf0e10cSrcweir } 5436*cdf0e10cSrcweir 5437*cdf0e10cSrcweir static int 5438*cdf0e10cSrcweir-xmlSecNssX509CRLNodeWrite(CERTSignedCrl* crl, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { 5439*cdf0e10cSrcweir- xmlChar* buf = NULL; 5440*cdf0e10cSrcweir- xmlNodePtr cur = NULL; 5441*cdf0e10cSrcweir- 5442*cdf0e10cSrcweir- xmlSecAssert2(crl != NULL, -1); 5443*cdf0e10cSrcweir- xmlSecAssert2(node != NULL, -1); 5444*cdf0e10cSrcweir- xmlSecAssert2(keyInfoCtx != NULL, -1); 5445*cdf0e10cSrcweir- 5446*cdf0e10cSrcweir- /* set base64 lines size from context */ 5447*cdf0e10cSrcweir- buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize); 5448*cdf0e10cSrcweir- if(buf == NULL) { 5449*cdf0e10cSrcweir- xmlSecError(XMLSEC_ERRORS_HERE, 5450*cdf0e10cSrcweir- NULL, 5451*cdf0e10cSrcweir- "xmlSecNssX509CrlBase64DerWrite", 5452*cdf0e10cSrcweir- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5453*cdf0e10cSrcweir- XMLSEC_ERRORS_NO_MESSAGE); 5454*cdf0e10cSrcweir- return(-1); 5455*cdf0e10cSrcweir- } 5456*cdf0e10cSrcweir- 5457*cdf0e10cSrcweir- cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs); 5458*cdf0e10cSrcweir- if(cur == NULL) { 5459*cdf0e10cSrcweir- xmlSecError(XMLSEC_ERRORS_HERE, 5460*cdf0e10cSrcweir- NULL, 5461*cdf0e10cSrcweir- "xmlSecAddChild", 5462*cdf0e10cSrcweir- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5463*cdf0e10cSrcweir- "new_node=%s", 5464*cdf0e10cSrcweir- xmlSecErrorsSafeString(xmlSecNodeX509CRL)); 5465*cdf0e10cSrcweir- xmlFree(buf); 5466*cdf0e10cSrcweir- return(-1); 5467*cdf0e10cSrcweir- } 5468*cdf0e10cSrcweir- /* todo: add \n around base64 data - from context */ 5469*cdf0e10cSrcweir- /* todo: add errors check */ 5470*cdf0e10cSrcweir- xmlNodeSetContent(cur, xmlSecStringCR); 5471*cdf0e10cSrcweir- xmlNodeSetContent(cur, buf); 5472*cdf0e10cSrcweir- xmlFree(buf); 5473*cdf0e10cSrcweir- 5474*cdf0e10cSrcweir- return(0); 5475*cdf0e10cSrcweir-} 5476*cdf0e10cSrcweir- 5477*cdf0e10cSrcweir- 5478*cdf0e10cSrcweir-static int 5479*cdf0e10cSrcweir xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key, 5480*cdf0e10cSrcweir xmlSecKeyInfoCtxPtr keyInfoCtx) { 5481*cdf0e10cSrcweir xmlSecNssX509DataCtxPtr ctx; 5482*cdf0e10cSrcweir@@ -1604,6 +1319,10 @@ 5483*cdf0e10cSrcweir int ret; 5484*cdf0e10cSrcweir SECStatus status; 5485*cdf0e10cSrcweir PRTime notBefore, notAfter; 5486*cdf0e10cSrcweir+ 5487*cdf0e10cSrcweir+ PK11SlotInfo* slot ; 5488*cdf0e10cSrcweir+ SECKEYPublicKey *pubKey = NULL; 5489*cdf0e10cSrcweir+ SECKEYPrivateKey *priKey = NULL; 5490*cdf0e10cSrcweir 5491*cdf0e10cSrcweir xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), -1); 5492*cdf0e10cSrcweir xmlSecAssert2(key != NULL, -1); 5493*cdf0e10cSrcweir@@ -1636,10 +1355,14 @@ 5494*cdf0e10cSrcweir xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), 5495*cdf0e10cSrcweir "CERT_DupCertificate", 5496*cdf0e10cSrcweir XMLSEC_ERRORS_R_CRYPTO_FAILED, 5497*cdf0e10cSrcweir- XMLSEC_ERRORS_NO_MESSAGE); 5498*cdf0e10cSrcweir+ "error code=%d", PORT_GetError()); 5499*cdf0e10cSrcweir return(-1); 5500*cdf0e10cSrcweir } 5501*cdf0e10cSrcweir- 5502*cdf0e10cSrcweir+ 5503*cdf0e10cSrcweir+ /*- 5504*cdf0e10cSrcweir+ * Get Public key from cert, which does not always work for sign 5505*cdf0e10cSrcweir+ * action. 5506*cdf0e10cSrcweir+ * 5507*cdf0e10cSrcweir keyValue = xmlSecNssX509CertGetKey(ctx->keyCert); 5508*cdf0e10cSrcweir if(keyValue == NULL) { 5509*cdf0e10cSrcweir xmlSecError(XMLSEC_ERRORS_HERE, 5510*cdf0e10cSrcweir@@ -1649,6 +1372,54 @@ 5511*cdf0e10cSrcweir XMLSEC_ERRORS_NO_MESSAGE); 5512*cdf0e10cSrcweir return(-1); 5513*cdf0e10cSrcweir } 5514*cdf0e10cSrcweir+ */ 5515*cdf0e10cSrcweir+ /*- 5516*cdf0e10cSrcweir+ * I'll search key according to KeyReq. 5517*cdf0e10cSrcweir+ */ 5518*cdf0e10cSrcweir+ slot = cert->slot ; 5519*cdf0e10cSrcweir+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) { 5520*cdf0e10cSrcweir+ if( ( priKey = PK11_FindPrivateKeyFromCert( slot , cert , NULL ) ) == NULL ) { 5521*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 5522*cdf0e10cSrcweir+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , 5523*cdf0e10cSrcweir+ "PK11_FindPrivateKeyFromCert" , 5524*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 5525*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 5526*cdf0e10cSrcweir+ return -1 ; 5527*cdf0e10cSrcweir+ } 5528*cdf0e10cSrcweir+ } 5529*cdf0e10cSrcweir+ 5530*cdf0e10cSrcweir+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) { 5531*cdf0e10cSrcweir+ if( ( pubKey = CERT_ExtractPublicKey( cert ) ) == NULL ) { 5532*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 5533*cdf0e10cSrcweir+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , 5534*cdf0e10cSrcweir+ "CERT_ExtractPublicKey" , 5535*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 5536*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 5537*cdf0e10cSrcweir+ 5538*cdf0e10cSrcweir+ 5539*cdf0e10cSrcweir+ if( priKey != NULL ) 5540*cdf0e10cSrcweir+ SECKEY_DestroyPrivateKey( priKey ) ; 5541*cdf0e10cSrcweir+ return -1 ; 5542*cdf0e10cSrcweir+ } 5543*cdf0e10cSrcweir+ } 5544*cdf0e10cSrcweir+ 5545*cdf0e10cSrcweir+ keyValue = xmlSecNssPKIAdoptKey(priKey, pubKey); 5546*cdf0e10cSrcweir+ if( keyValue == NULL ) { 5547*cdf0e10cSrcweir+ xmlSecError( XMLSEC_ERRORS_HERE , 5548*cdf0e10cSrcweir+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , 5549*cdf0e10cSrcweir+ "xmlSecNssPKIAdoptKey" , 5550*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 5551*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 5552*cdf0e10cSrcweir+ 5553*cdf0e10cSrcweir+ if( priKey != NULL ) 5554*cdf0e10cSrcweir+ SECKEY_DestroyPrivateKey( priKey ) ; 5555*cdf0e10cSrcweir+ 5556*cdf0e10cSrcweir+ if( pubKey != NULL ) 5557*cdf0e10cSrcweir+ SECKEY_DestroyPublicKey( pubKey ) ; 5558*cdf0e10cSrcweir+ 5559*cdf0e10cSrcweir+ return -1 ; 5560*cdf0e10cSrcweir+ } 5561*cdf0e10cSrcweir+ /* Modify keyValue get Done */ 5562*cdf0e10cSrcweir 5563*cdf0e10cSrcweir /* verify that the key matches our expectations */ 5564*cdf0e10cSrcweir if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) { 5565*cdf0e10cSrcweir@@ -1950,86 +1721,6 @@ 5566*cdf0e10cSrcweir return(res); 5567*cdf0e10cSrcweir } 5568*cdf0e10cSrcweir 5569*cdf0e10cSrcweir-static xmlChar* 5570*cdf0e10cSrcweir-xmlSecNssX509NameWrite(CERTName* nm) { 5571*cdf0e10cSrcweir- xmlChar *res = NULL; 5572*cdf0e10cSrcweir- char *str; 5573*cdf0e10cSrcweir- 5574*cdf0e10cSrcweir- xmlSecAssert2(nm != NULL, NULL); 5575*cdf0e10cSrcweir- 5576*cdf0e10cSrcweir- str = CERT_NameToAscii(nm); 5577*cdf0e10cSrcweir- if (str == NULL) { 5578*cdf0e10cSrcweir- xmlSecError(XMLSEC_ERRORS_HERE, 5579*cdf0e10cSrcweir- NULL, 5580*cdf0e10cSrcweir- "CERT_NameToAscii", 5581*cdf0e10cSrcweir- XMLSEC_ERRORS_R_CRYPTO_FAILED, 5582*cdf0e10cSrcweir- XMLSEC_ERRORS_NO_MESSAGE); 5583*cdf0e10cSrcweir- return(NULL); 5584*cdf0e10cSrcweir- } 5585*cdf0e10cSrcweir- 5586*cdf0e10cSrcweir- res = xmlStrdup(BAD_CAST str); 5587*cdf0e10cSrcweir- if(res == NULL) { 5588*cdf0e10cSrcweir- xmlSecError(XMLSEC_ERRORS_HERE, 5589*cdf0e10cSrcweir- NULL, 5590*cdf0e10cSrcweir- "xmlStrdup", 5591*cdf0e10cSrcweir- XMLSEC_ERRORS_R_MALLOC_FAILED, 5592*cdf0e10cSrcweir- XMLSEC_ERRORS_NO_MESSAGE); 5593*cdf0e10cSrcweir- PORT_Free(str); 5594*cdf0e10cSrcweir- return(NULL); 5595*cdf0e10cSrcweir- } 5596*cdf0e10cSrcweir- PORT_Free(str); 5597*cdf0e10cSrcweir- return(res); 5598*cdf0e10cSrcweir-} 5599*cdf0e10cSrcweir- 5600*cdf0e10cSrcweir-static xmlChar* 5601*cdf0e10cSrcweir-xmlSecNssASN1IntegerWrite(SECItem *num) { 5602*cdf0e10cSrcweir- xmlChar *res = NULL; 5603*cdf0e10cSrcweir- 5604*cdf0e10cSrcweir- xmlSecAssert2(num != NULL, NULL); 5605*cdf0e10cSrcweir- 5606*cdf0e10cSrcweir- /* TODO : to be implemented after 5607*cdf0e10cSrcweir- * NSS bug http://bugzilla.mozilla.org/show_bug.cgi?id=212864 is fixed 5608*cdf0e10cSrcweir- */ 5609*cdf0e10cSrcweir- return(res); 5610*cdf0e10cSrcweir-} 5611*cdf0e10cSrcweir- 5612*cdf0e10cSrcweir-static xmlChar* 5613*cdf0e10cSrcweir-xmlSecNssX509SKIWrite(CERTCertificate* cert) { 5614*cdf0e10cSrcweir- xmlChar *res = NULL; 5615*cdf0e10cSrcweir- SECItem ski; 5616*cdf0e10cSrcweir- SECStatus rv; 5617*cdf0e10cSrcweir- 5618*cdf0e10cSrcweir- xmlSecAssert2(cert != NULL, NULL); 5619*cdf0e10cSrcweir- 5620*cdf0e10cSrcweir- memset(&ski, 0, sizeof(ski)); 5621*cdf0e10cSrcweir- 5622*cdf0e10cSrcweir- rv = CERT_FindSubjectKeyIDExtension(cert, &ski); 5623*cdf0e10cSrcweir- if (rv != SECSuccess) { 5624*cdf0e10cSrcweir- xmlSecError(XMLSEC_ERRORS_HERE, 5625*cdf0e10cSrcweir- NULL, 5626*cdf0e10cSrcweir- "CERT_FindSubjectKeyIDExtension", 5627*cdf0e10cSrcweir- XMLSEC_ERRORS_R_CRYPTO_FAILED, 5628*cdf0e10cSrcweir- XMLSEC_ERRORS_NO_MESSAGE); 5629*cdf0e10cSrcweir- SECITEM_FreeItem(&ski, PR_FALSE); 5630*cdf0e10cSrcweir- return(NULL); 5631*cdf0e10cSrcweir- } 5632*cdf0e10cSrcweir- 5633*cdf0e10cSrcweir- res = xmlSecBase64Encode(ski.data, ski.len, 0); 5634*cdf0e10cSrcweir- if(res == NULL) { 5635*cdf0e10cSrcweir- xmlSecError(XMLSEC_ERRORS_HERE, 5636*cdf0e10cSrcweir- NULL, 5637*cdf0e10cSrcweir- "xmlSecBase64Encode", 5638*cdf0e10cSrcweir- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5639*cdf0e10cSrcweir- XMLSEC_ERRORS_NO_MESSAGE); 5640*cdf0e10cSrcweir- SECITEM_FreeItem(&ski, PR_FALSE); 5641*cdf0e10cSrcweir- return(NULL); 5642*cdf0e10cSrcweir- } 5643*cdf0e10cSrcweir- SECITEM_FreeItem(&ski, PR_FALSE); 5644*cdf0e10cSrcweir- 5645*cdf0e10cSrcweir- return(res); 5646*cdf0e10cSrcweir-} 5647*cdf0e10cSrcweir- 5648*cdf0e10cSrcweir- 5649*cdf0e10cSrcweir static void 5650*cdf0e10cSrcweir xmlSecNssX509CertDebugDump(CERTCertificate* cert, FILE* output) { 5651*cdf0e10cSrcweir SECItem *sn; 5652*cdf0e10cSrcweir--- misc/xmlsec1-1.2.14/src/nss/x509vfy.c 2009-06-25 22:53:18.000000000 +0200 5653*cdf0e10cSrcweir+++ misc/build/xmlsec1-1.2.14/src/nss/x509vfy.c 2009-09-21 14:02:48.669245207 +0200 5654*cdf0e10cSrcweir@@ -30,6 +30,7 @@ 5655*cdf0e10cSrcweir #include <xmlsec/keyinfo.h> 5656*cdf0e10cSrcweir #include <xmlsec/keysmngr.h> 5657*cdf0e10cSrcweir #include <xmlsec/base64.h> 5658*cdf0e10cSrcweir+#include <xmlsec/bn.h> 5659*cdf0e10cSrcweir #include <xmlsec/errors.h> 5660*cdf0e10cSrcweir 5661*cdf0e10cSrcweir #include <xmlsec/nss/crypto.h> 5662*cdf0e10cSrcweir@@ -61,17 +62,7 @@ 5663*cdf0e10cSrcweir 5664*cdf0e10cSrcweir static int xmlSecNssX509StoreInitialize (xmlSecKeyDataStorePtr store); 5665*cdf0e10cSrcweir static void xmlSecNssX509StoreFinalize (xmlSecKeyDataStorePtr store); 5666*cdf0e10cSrcweir-static int xmlSecNssX509NameStringRead (xmlSecByte **str, 5667*cdf0e10cSrcweir- int *strLen, 5668*cdf0e10cSrcweir- xmlSecByte *res, 5669*cdf0e10cSrcweir- int resLen, 5670*cdf0e10cSrcweir- xmlSecByte delim, 5671*cdf0e10cSrcweir- int ingoreTrailingSpaces); 5672*cdf0e10cSrcweir-static xmlSecByte * xmlSecNssX509NameRead (xmlSecByte *str, 5673*cdf0e10cSrcweir- int len); 5674*cdf0e10cSrcweir- 5675*cdf0e10cSrcweir-static void xmlSecNssNumToItem(SECItem *it, unsigned long num); 5676*cdf0e10cSrcweir- 5677*cdf0e10cSrcweir+static int xmlSecNssIntegerToItem( const xmlChar* integer , SECItem *it ) ; 5678*cdf0e10cSrcweir 5679*cdf0e10cSrcweir static xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = { 5680*cdf0e10cSrcweir sizeof(xmlSecKeyDataStoreKlass), 5681*cdf0e10cSrcweir@@ -339,40 +330,28 @@ 5682*cdf0e10cSrcweir xmlSecNssX509FindCert(xmlChar *subjectName, xmlChar *issuerName, 5683*cdf0e10cSrcweir xmlChar *issuerSerial, xmlChar *ski) { 5684*cdf0e10cSrcweir CERTCertificate *cert = NULL; 5685*cdf0e10cSrcweir- xmlChar *p = NULL; 5686*cdf0e10cSrcweir CERTName *name = NULL; 5687*cdf0e10cSrcweir SECItem *nameitem = NULL; 5688*cdf0e10cSrcweir PRArenaPool *arena = NULL; 5689*cdf0e10cSrcweir 5690*cdf0e10cSrcweir if (subjectName != NULL) { 5691*cdf0e10cSrcweir- p = xmlSecNssX509NameRead(subjectName, xmlStrlen(subjectName)); 5692*cdf0e10cSrcweir- if (p == NULL) { 5693*cdf0e10cSrcweir- xmlSecError(XMLSEC_ERRORS_HERE, 5694*cdf0e10cSrcweir- NULL, 5695*cdf0e10cSrcweir- "xmlSecNssX509NameRead", 5696*cdf0e10cSrcweir- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5697*cdf0e10cSrcweir- "subject=%s", 5698*cdf0e10cSrcweir- xmlSecErrorsSafeString(subjectName)); 5699*cdf0e10cSrcweir- goto done; 5700*cdf0e10cSrcweir- } 5701*cdf0e10cSrcweir- 5702*cdf0e10cSrcweir arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); 5703*cdf0e10cSrcweir if (arena == NULL) { 5704*cdf0e10cSrcweir xmlSecError(XMLSEC_ERRORS_HERE, 5705*cdf0e10cSrcweir NULL, 5706*cdf0e10cSrcweir "PORT_NewArena", 5707*cdf0e10cSrcweir XMLSEC_ERRORS_R_CRYPTO_FAILED, 5708*cdf0e10cSrcweir- XMLSEC_ERRORS_NO_MESSAGE); 5709*cdf0e10cSrcweir+ "error code=%d", PORT_GetError()); 5710*cdf0e10cSrcweir goto done; 5711*cdf0e10cSrcweir } 5712*cdf0e10cSrcweir 5713*cdf0e10cSrcweir- name = CERT_AsciiToName((char*)p); 5714*cdf0e10cSrcweir+ name = CERT_AsciiToName((char*)subjectName); 5715*cdf0e10cSrcweir if (name == NULL) { 5716*cdf0e10cSrcweir xmlSecError(XMLSEC_ERRORS_HERE, 5717*cdf0e10cSrcweir NULL, 5718*cdf0e10cSrcweir "CERT_AsciiToName", 5719*cdf0e10cSrcweir XMLSEC_ERRORS_R_XMLSEC_FAILED, 5720*cdf0e10cSrcweir- XMLSEC_ERRORS_NO_MESSAGE); 5721*cdf0e10cSrcweir+ "error code=%d", PORT_GetError()); 5722*cdf0e10cSrcweir goto done; 5723*cdf0e10cSrcweir } 5724*cdf0e10cSrcweir 5725*cdf0e10cSrcweir@@ -394,34 +373,23 @@ 5726*cdf0e10cSrcweir if((issuerName != NULL) && (issuerSerial != NULL)) { 5727*cdf0e10cSrcweir CERTIssuerAndSN issuerAndSN; 5728*cdf0e10cSrcweir 5729*cdf0e10cSrcweir- p = xmlSecNssX509NameRead(issuerName, xmlStrlen(issuerName)); 5730*cdf0e10cSrcweir- if (p == NULL) { 5731*cdf0e10cSrcweir- xmlSecError(XMLSEC_ERRORS_HERE, 5732*cdf0e10cSrcweir- NULL, 5733*cdf0e10cSrcweir- "xmlSecNssX509NameRead", 5734*cdf0e10cSrcweir- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5735*cdf0e10cSrcweir- "issuer=%s", 5736*cdf0e10cSrcweir- xmlSecErrorsSafeString(issuerName)); 5737*cdf0e10cSrcweir- goto done; 5738*cdf0e10cSrcweir- } 5739*cdf0e10cSrcweir- 5740*cdf0e10cSrcweir arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); 5741*cdf0e10cSrcweir if (arena == NULL) { 5742*cdf0e10cSrcweir xmlSecError(XMLSEC_ERRORS_HERE, 5743*cdf0e10cSrcweir NULL, 5744*cdf0e10cSrcweir "PORT_NewArena", 5745*cdf0e10cSrcweir XMLSEC_ERRORS_R_CRYPTO_FAILED, 5746*cdf0e10cSrcweir- XMLSEC_ERRORS_NO_MESSAGE); 5747*cdf0e10cSrcweir+ "error code=%d", PORT_GetError()); 5748*cdf0e10cSrcweir goto done; 5749*cdf0e10cSrcweir } 5750*cdf0e10cSrcweir 5751*cdf0e10cSrcweir- name = CERT_AsciiToName((char*)p); 5752*cdf0e10cSrcweir+ name = CERT_AsciiToName((char*)issuerName); 5753*cdf0e10cSrcweir if (name == NULL) { 5754*cdf0e10cSrcweir xmlSecError(XMLSEC_ERRORS_HERE, 5755*cdf0e10cSrcweir NULL, 5756*cdf0e10cSrcweir "CERT_AsciiToName", 5757*cdf0e10cSrcweir XMLSEC_ERRORS_R_XMLSEC_FAILED, 5758*cdf0e10cSrcweir- XMLSEC_ERRORS_NO_MESSAGE); 5759*cdf0e10cSrcweir+ "error code=%d", PORT_GetError()); 5760*cdf0e10cSrcweir goto done; 5761*cdf0e10cSrcweir } 5762*cdf0e10cSrcweir 5763*cdf0e10cSrcweir@@ -441,8 +409,15 @@ 5764*cdf0e10cSrcweir issuerAndSN.derIssuer.data = nameitem->data; 5765*cdf0e10cSrcweir issuerAndSN.derIssuer.len = nameitem->len; 5766*cdf0e10cSrcweir 5767*cdf0e10cSrcweir- /* TBD: serial num can be arbitrarily long */ 5768*cdf0e10cSrcweir- xmlSecNssNumToItem(&issuerAndSN.serialNumber, PORT_Atoi((char *)issuerSerial)); 5769*cdf0e10cSrcweir+ if( xmlSecNssIntegerToItem( issuerSerial, &issuerAndSN.serialNumber ) < 0 ) { 5770*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 5771*cdf0e10cSrcweir+ NULL, 5772*cdf0e10cSrcweir+ "xmlSecNssIntegerToItem", 5773*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 5774*cdf0e10cSrcweir+ "serial number=%s", 5775*cdf0e10cSrcweir+ xmlSecErrorsSafeString(issuerSerial)); 5776*cdf0e10cSrcweir+ goto done; 5777*cdf0e10cSrcweir+ } 5778*cdf0e10cSrcweir 5779*cdf0e10cSrcweir cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(), 5780*cdf0e10cSrcweir &issuerAndSN); 5781*cdf0e10cSrcweir@@ -473,9 +448,6 @@ 5782*cdf0e10cSrcweir } 5783*cdf0e10cSrcweir 5784*cdf0e10cSrcweir done: 5785*cdf0e10cSrcweir- if (p != NULL) { 5786*cdf0e10cSrcweir- PORT_Free(p); 5787*cdf0e10cSrcweir- } 5788*cdf0e10cSrcweir if (arena != NULL) { 5789*cdf0e10cSrcweir PORT_FreeArena(arena, PR_FALSE); 5790*cdf0e10cSrcweir } 5791*cdf0e10cSrcweir@@ -486,176 +458,6 @@ 5792*cdf0e10cSrcweir return(cert); 5793*cdf0e10cSrcweir } 5794*cdf0e10cSrcweir 5795*cdf0e10cSrcweir-static xmlSecByte * 5796*cdf0e10cSrcweir-xmlSecNssX509NameRead(xmlSecByte *str, int len) { 5797*cdf0e10cSrcweir- xmlSecByte name[256]; 5798*cdf0e10cSrcweir- xmlSecByte value[256]; 5799*cdf0e10cSrcweir- xmlSecByte *retval = NULL; 5800*cdf0e10cSrcweir- xmlSecByte *p = NULL; 5801*cdf0e10cSrcweir- int nameLen, valueLen; 5802*cdf0e10cSrcweir- 5803*cdf0e10cSrcweir- xmlSecAssert2(str != NULL, NULL); 5804*cdf0e10cSrcweir- 5805*cdf0e10cSrcweir- /* return string should be no longer than input string */ 5806*cdf0e10cSrcweir- retval = (xmlSecByte *)PORT_Alloc(len+1); 5807*cdf0e10cSrcweir- if(retval == NULL) { 5808*cdf0e10cSrcweir- xmlSecError(XMLSEC_ERRORS_HERE, 5809*cdf0e10cSrcweir- NULL, 5810*cdf0e10cSrcweir- "PORT_Alloc", 5811*cdf0e10cSrcweir- XMLSEC_ERRORS_R_MALLOC_FAILED, 5812*cdf0e10cSrcweir- XMLSEC_ERRORS_NO_MESSAGE); 5813*cdf0e10cSrcweir- return(NULL); 5814*cdf0e10cSrcweir- } 5815*cdf0e10cSrcweir- p = retval; 5816*cdf0e10cSrcweir- 5817*cdf0e10cSrcweir- while(len > 0) { 5818*cdf0e10cSrcweir- /* skip spaces after comma or semicolon */ 5819*cdf0e10cSrcweir- while((len > 0) && isspace(*str)) { 5820*cdf0e10cSrcweir- ++str; --len; 5821*cdf0e10cSrcweir- } 5822*cdf0e10cSrcweir- 5823*cdf0e10cSrcweir- nameLen = xmlSecNssX509NameStringRead(&str, &len, name, sizeof(name), '=', 0); 5824*cdf0e10cSrcweir- if(nameLen < 0) { 5825*cdf0e10cSrcweir- xmlSecError(XMLSEC_ERRORS_HERE, 5826*cdf0e10cSrcweir- NULL, 5827*cdf0e10cSrcweir- "xmlSecNssX509NameStringRead", 5828*cdf0e10cSrcweir- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5829*cdf0e10cSrcweir- XMLSEC_ERRORS_NO_MESSAGE); 5830*cdf0e10cSrcweir- goto done; 5831*cdf0e10cSrcweir- } 5832*cdf0e10cSrcweir- memcpy(p, name, nameLen); 5833*cdf0e10cSrcweir- p+=nameLen; 5834*cdf0e10cSrcweir- *p++='='; 5835*cdf0e10cSrcweir- if(len > 0) { 5836*cdf0e10cSrcweir- ++str; --len; 5837*cdf0e10cSrcweir- if((*str) == '\"') { 5838*cdf0e10cSrcweir- valueLen = xmlSecNssX509NameStringRead(&str, &len, 5839*cdf0e10cSrcweir- value, sizeof(value), '"', 1); 5840*cdf0e10cSrcweir- if(valueLen < 0) { 5841*cdf0e10cSrcweir- xmlSecError(XMLSEC_ERRORS_HERE, 5842*cdf0e10cSrcweir- NULL, 5843*cdf0e10cSrcweir- "xmlSecNssX509NameStringRead", 5844*cdf0e10cSrcweir- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5845*cdf0e10cSrcweir- XMLSEC_ERRORS_NO_MESSAGE); 5846*cdf0e10cSrcweir- goto done; 5847*cdf0e10cSrcweir- } 5848*cdf0e10cSrcweir- /* skip spaces before comma or semicolon */ 5849*cdf0e10cSrcweir- while((len > 0) && isspace(*str)) { 5850*cdf0e10cSrcweir- ++str; --len; 5851*cdf0e10cSrcweir- } 5852*cdf0e10cSrcweir- if((len > 0) && ((*str) != ',')) { 5853*cdf0e10cSrcweir- xmlSecError(XMLSEC_ERRORS_HERE, 5854*cdf0e10cSrcweir- NULL, 5855*cdf0e10cSrcweir- NULL, 5856*cdf0e10cSrcweir- XMLSEC_ERRORS_R_INVALID_DATA, 5857*cdf0e10cSrcweir- "comma is expected"); 5858*cdf0e10cSrcweir- goto done; 5859*cdf0e10cSrcweir- } 5860*cdf0e10cSrcweir- if(len > 0) { 5861*cdf0e10cSrcweir- ++str; --len; 5862*cdf0e10cSrcweir- } 5863*cdf0e10cSrcweir- *p++='\"'; 5864*cdf0e10cSrcweir- memcpy(p, value, valueLen); 5865*cdf0e10cSrcweir- p+=valueLen; 5866*cdf0e10cSrcweir- *p++='\"'; 5867*cdf0e10cSrcweir- } else if((*str) == '#') { 5868*cdf0e10cSrcweir- /* TODO: read octect values */ 5869*cdf0e10cSrcweir- xmlSecError(XMLSEC_ERRORS_HERE, 5870*cdf0e10cSrcweir- NULL, 5871*cdf0e10cSrcweir- NULL, 5872*cdf0e10cSrcweir- XMLSEC_ERRORS_R_INVALID_DATA, 5873*cdf0e10cSrcweir- "reading octect values is not implemented yet"); 5874*cdf0e10cSrcweir- goto done; 5875*cdf0e10cSrcweir- } else { 5876*cdf0e10cSrcweir- valueLen = xmlSecNssX509NameStringRead(&str, &len, 5877*cdf0e10cSrcweir- value, sizeof(value), ',', 1); 5878*cdf0e10cSrcweir- if(valueLen < 0) { 5879*cdf0e10cSrcweir- xmlSecError(XMLSEC_ERRORS_HERE, 5880*cdf0e10cSrcweir- NULL, 5881*cdf0e10cSrcweir- "xmlSecNssX509NameStringRead", 5882*cdf0e10cSrcweir- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5883*cdf0e10cSrcweir- XMLSEC_ERRORS_NO_MESSAGE); 5884*cdf0e10cSrcweir- goto done; 5885*cdf0e10cSrcweir- } 5886*cdf0e10cSrcweir- memcpy(p, value, valueLen); 5887*cdf0e10cSrcweir- p+=valueLen; 5888*cdf0e10cSrcweir- if (len > 0) 5889*cdf0e10cSrcweir- *p++=','; 5890*cdf0e10cSrcweir- } 5891*cdf0e10cSrcweir- } else { 5892*cdf0e10cSrcweir- valueLen = 0; 5893*cdf0e10cSrcweir- } 5894*cdf0e10cSrcweir- if(len > 0) { 5895*cdf0e10cSrcweir- ++str; --len; 5896*cdf0e10cSrcweir- } 5897*cdf0e10cSrcweir- } 5898*cdf0e10cSrcweir- 5899*cdf0e10cSrcweir- *p = 0; 5900*cdf0e10cSrcweir- return(retval); 5901*cdf0e10cSrcweir- 5902*cdf0e10cSrcweir-done: 5903*cdf0e10cSrcweir- PORT_Free(retval); 5904*cdf0e10cSrcweir- return (NULL); 5905*cdf0e10cSrcweir-} 5906*cdf0e10cSrcweir- 5907*cdf0e10cSrcweir-static int 5908*cdf0e10cSrcweir-xmlSecNssX509NameStringRead(xmlSecByte **str, int *strLen, 5909*cdf0e10cSrcweir- xmlSecByte *res, int resLen, 5910*cdf0e10cSrcweir- xmlSecByte delim, int ingoreTrailingSpaces) { 5911*cdf0e10cSrcweir- xmlSecByte *p, *q, *nonSpace; 5912*cdf0e10cSrcweir- 5913*cdf0e10cSrcweir- xmlSecAssert2(str != NULL, -1); 5914*cdf0e10cSrcweir- xmlSecAssert2(strLen != NULL, -1); 5915*cdf0e10cSrcweir- xmlSecAssert2(res != NULL, -1); 5916*cdf0e10cSrcweir- 5917*cdf0e10cSrcweir- p = (*str); 5918*cdf0e10cSrcweir- nonSpace = q = res; 5919*cdf0e10cSrcweir- while(((p - (*str)) < (*strLen)) && ((*p) != delim) && ((q - res) < resLen)) { 5920*cdf0e10cSrcweir- if((*p) != '\\') { 5921*cdf0e10cSrcweir- if(ingoreTrailingSpaces && !isspace(*p)) { 5922*cdf0e10cSrcweir- nonSpace = q; 5923*cdf0e10cSrcweir- } 5924*cdf0e10cSrcweir- *(q++) = *(p++); 5925*cdf0e10cSrcweir- } else { 5926*cdf0e10cSrcweir- ++p; 5927*cdf0e10cSrcweir- nonSpace = q; 5928*cdf0e10cSrcweir- if(xmlSecIsHex((*p))) { 5929*cdf0e10cSrcweir- if((p - (*str) + 1) >= (*strLen)) { 5930*cdf0e10cSrcweir- xmlSecError(XMLSEC_ERRORS_HERE, 5931*cdf0e10cSrcweir- NULL, 5932*cdf0e10cSrcweir- NULL, 5933*cdf0e10cSrcweir- XMLSEC_ERRORS_R_INVALID_DATA, 5934*cdf0e10cSrcweir- "two hex digits expected"); 5935*cdf0e10cSrcweir- return(-1); 5936*cdf0e10cSrcweir- } 5937*cdf0e10cSrcweir- *(q++) = xmlSecGetHex(p[0]) * 16 + xmlSecGetHex(p[1]); 5938*cdf0e10cSrcweir- p += 2; 5939*cdf0e10cSrcweir- } else { 5940*cdf0e10cSrcweir- if(((++p) - (*str)) >= (*strLen)) { 5941*cdf0e10cSrcweir- xmlSecError(XMLSEC_ERRORS_HERE, 5942*cdf0e10cSrcweir- NULL, 5943*cdf0e10cSrcweir- NULL, 5944*cdf0e10cSrcweir- XMLSEC_ERRORS_R_INVALID_DATA, 5945*cdf0e10cSrcweir- "escaped symbol missed"); 5946*cdf0e10cSrcweir- return(-1); 5947*cdf0e10cSrcweir- } 5948*cdf0e10cSrcweir- *(q++) = *(p++); 5949*cdf0e10cSrcweir- } 5950*cdf0e10cSrcweir- } 5951*cdf0e10cSrcweir- } 5952*cdf0e10cSrcweir- if(((p - (*str)) < (*strLen)) && ((*p) != delim)) { 5953*cdf0e10cSrcweir- xmlSecError(XMLSEC_ERRORS_HERE, 5954*cdf0e10cSrcweir- NULL, 5955*cdf0e10cSrcweir- NULL, 5956*cdf0e10cSrcweir- XMLSEC_ERRORS_R_INVALID_SIZE, 5957*cdf0e10cSrcweir- "buffer is too small"); 5958*cdf0e10cSrcweir- return(-1); 5959*cdf0e10cSrcweir- } 5960*cdf0e10cSrcweir- (*strLen) -= (p - (*str)); 5961*cdf0e10cSrcweir- (*str) = p; 5962*cdf0e10cSrcweir- return((ingoreTrailingSpaces) ? nonSpace - res + 1 : q - res); 5963*cdf0e10cSrcweir-} 5964*cdf0e10cSrcweir- 5965*cdf0e10cSrcweir /* code lifted from NSS */ 5966*cdf0e10cSrcweir static void 5967*cdf0e10cSrcweir xmlSecNssNumToItem(SECItem *it, unsigned long ui) 5968*cdf0e10cSrcweir@@ -699,6 +501,77 @@ 5969*cdf0e10cSrcweir it->len = len; 5970*cdf0e10cSrcweir PORT_Memcpy(it->data, bb + (sizeof(bb) - len), len); 5971*cdf0e10cSrcweir } 5972*cdf0e10cSrcweir+ 5973*cdf0e10cSrcweir+static int 5974*cdf0e10cSrcweir+xmlSecNssIntegerToItem( 5975*cdf0e10cSrcweir+ const xmlChar* integer , 5976*cdf0e10cSrcweir+ SECItem *item 5977*cdf0e10cSrcweir+) { 5978*cdf0e10cSrcweir+ xmlSecBn bn ; 5979*cdf0e10cSrcweir+ xmlSecSize i, length ; 5980*cdf0e10cSrcweir+ const xmlSecByte* bnInteger ; 5981*cdf0e10cSrcweir+ 5982*cdf0e10cSrcweir+ xmlSecAssert2( integer != NULL, -1 ) ; 5983*cdf0e10cSrcweir+ xmlSecAssert2( item != NULL, -1 ) ; 5984*cdf0e10cSrcweir+ 5985*cdf0e10cSrcweir+ if( xmlSecBnInitialize( &bn, 0 ) < 0 ) { 5986*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 5987*cdf0e10cSrcweir+ NULL, 5988*cdf0e10cSrcweir+ "xmlSecBnInitialize", 5989*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_INVALID_DATA, 5990*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE); 5991*cdf0e10cSrcweir+ return -1 ; 5992*cdf0e10cSrcweir+ } 5993*cdf0e10cSrcweir+ 5994*cdf0e10cSrcweir+ if( xmlSecBnFromDecString( &bn, integer ) < 0 ) { 5995*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 5996*cdf0e10cSrcweir+ NULL, 5997*cdf0e10cSrcweir+ "xmlSecBnFromDecString", 5998*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_INVALID_DATA, 5999*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE); 6000*cdf0e10cSrcweir+ xmlSecBnFinalize( &bn ) ; 6001*cdf0e10cSrcweir+ return -1 ; 6002*cdf0e10cSrcweir+ } 6003*cdf0e10cSrcweir+ 6004*cdf0e10cSrcweir+ length = xmlSecBnGetSize( &bn ) ; 6005*cdf0e10cSrcweir+ if( length <= 0 ) { 6006*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 6007*cdf0e10cSrcweir+ NULL, 6008*cdf0e10cSrcweir+ "xmlSecBnGetSize", 6009*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_INVALID_DATA, 6010*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE); 6011*cdf0e10cSrcweir+ } 6012*cdf0e10cSrcweir+ 6013*cdf0e10cSrcweir+ bnInteger = xmlSecBnGetData( &bn ) ; 6014*cdf0e10cSrcweir+ if( bnInteger == NULL ) { 6015*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 6016*cdf0e10cSrcweir+ NULL, 6017*cdf0e10cSrcweir+ "xmlSecBnGetData", 6018*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_INVALID_DATA, 6019*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 6020*cdf0e10cSrcweir+ xmlSecBnFinalize( &bn ) ; 6021*cdf0e10cSrcweir+ return -1 ; 6022*cdf0e10cSrcweir+ } 6023*cdf0e10cSrcweir+ 6024*cdf0e10cSrcweir+ item->data = ( unsigned char * )PORT_Alloc( length ); 6025*cdf0e10cSrcweir+ if( item->data == NULL ) { 6026*cdf0e10cSrcweir+ xmlSecError(XMLSEC_ERRORS_HERE, 6027*cdf0e10cSrcweir+ NULL, 6028*cdf0e10cSrcweir+ "PORT_Alloc", 6029*cdf0e10cSrcweir+ XMLSEC_ERRORS_R_INVALID_DATA, 6030*cdf0e10cSrcweir+ XMLSEC_ERRORS_NO_MESSAGE ) ; 6031*cdf0e10cSrcweir+ xmlSecBnFinalize( &bn ) ; 6032*cdf0e10cSrcweir+ return -1 ; 6033*cdf0e10cSrcweir+ } 6034*cdf0e10cSrcweir+ 6035*cdf0e10cSrcweir+ item->len = length; 6036*cdf0e10cSrcweir+ for( i = 0 ; i < length ; i ++ ) 6037*cdf0e10cSrcweir+ item->data[i] = *( bnInteger + i ) ; 6038*cdf0e10cSrcweir+ 6039*cdf0e10cSrcweir+ xmlSecBnFinalize( &bn ) ; 6040*cdf0e10cSrcweir+ 6041*cdf0e10cSrcweir+ return 0 ; 6042*cdf0e10cSrcweir+} 6043*cdf0e10cSrcweir #endif /* XMLSEC_NO_X509 */ 6044*cdf0e10cSrcweir 6045*cdf0e10cSrcweir 6046*cdf0e10cSrcweir--- misc/xmlsec1-1.2.14/win32/Makefile.msvc 2009-06-25 22:53:18.000000000 +0200 6047*cdf0e10cSrcweir+++ misc/build/xmlsec1-1.2.14/win32/Makefile.msvc 2009-09-21 14:02:48.607277908 +0200 6048*cdf0e10cSrcweir@@ -218,6 +218,9 @@ 6049*cdf0e10cSrcweir $(XMLSEC_OPENSSL_INTDIR_A)\x509vfy.obj 6050*cdf0e10cSrcweir 6051*cdf0e10cSrcweir XMLSEC_NSS_OBJS = \ 6052*cdf0e10cSrcweir+ $(XMLSEC_NSS_INTDIR)\akmngr.obj\ 6053*cdf0e10cSrcweir+ $(XMLSEC_NSS_INTDIR)\keywrapers.obj\ 6054*cdf0e10cSrcweir+ $(XMLSEC_NSS_INTDIR)\tokens.obj\ 6055*cdf0e10cSrcweir $(XMLSEC_NSS_INTDIR)\app.obj\ 6056*cdf0e10cSrcweir $(XMLSEC_NSS_INTDIR)\bignum.obj\ 6057*cdf0e10cSrcweir $(XMLSEC_NSS_INTDIR)\ciphers.obj \ 6058*cdf0e10cSrcweir@@ -253,6 +256,7 @@ 6059*cdf0e10cSrcweir $(XMLSEC_NSS_INTDIR_A)\strings.obj 6060*cdf0e10cSrcweir 6061*cdf0e10cSrcweir XMLSEC_MSCRYPTO_OBJS = \ 6062*cdf0e10cSrcweir+ $(XMLSEC_MSCRYPTO_INTDIR)\akmngr.obj\ 6063*cdf0e10cSrcweir $(XMLSEC_MSCRYPTO_INTDIR)\app.obj\ 6064*cdf0e10cSrcweir $(XMLSEC_MSCRYPTO_INTDIR)\crypto.obj \ 6065*cdf0e10cSrcweir $(XMLSEC_MSCRYPTO_INTDIR)\ciphers.obj \ 6066