| blob | 8bc97c474d56af2ffdae4d7e2e7dc0f65b4135b3 |
1 --- misc/xmlsec1-1.2.14/include/xmlsec/mscrypto/Makefile.am 2009-06-25 22:53:18.000000000 +0200
2 +++ misc/build/xmlsec1-1.2.14/include/xmlsec/mscrypto/Makefile.am 2009-09-21 14:02:48.563253008 +0200
3 @@ -3,6 +3,7 @@
4 xmlsecmscryptoincdir = $(includedir)/xmlsec1/xmlsec/mscrypto
6 xmlsecmscryptoinc_HEADERS = \
7 +akmngr.h \
8 app.h \
9 certkeys.h \
10 crypto.h \
11 --- misc/xmlsec1-1.2.14/include/xmlsec/mscrypto/Makefile.in 2009-06-25 22:53:30.000000000 +0200
12 +++ misc/build/xmlsec1-1.2.14/include/xmlsec/mscrypto/Makefile.in 2009-09-21 14:02:48.571021349 +0200
13 @@ -281,6 +281,7 @@
14 NULL =
15 xmlsecmscryptoincdir = $(includedir)/xmlsec1/xmlsec/mscrypto
16 xmlsecmscryptoinc_HEADERS = \
17 +akmngr.h \
18 app.h \
19 certkeys.h \
20 crypto.h \
21 --- misc/xmlsec1-1.2.14/include/xmlsec/mscrypto/akmngr.h 2009-09-21 14:07:19.052318336 +0200
22 +++ misc/build/xmlsec1-1.2.14/include/xmlsec/mscrypto/akmngr.h 2009-09-21 14:02:48.504966762 +0200
23 @@ -1 +1,71 @@
24 -dummy
25 +/**
26 + * XMLSec library
27 + *
28 + * This is free software; see Copyright file in the source
29 + * distribution for preciese wording.
30 + *
31 + * Copyright ..........................
32 + */
33 +#ifndef __XMLSEC_MSCRYPTO_AKMNGR_H__
34 +#define __XMLSEC_MSCRYPTO_AKMNGR_H__
35 +
36 +#include <windows.h>
37 +#include <wincrypt.h>
38 +
39 +#include <xmlsec/xmlsec.h>
40 +#include <xmlsec/keys.h>
41 +#include <xmlsec/transforms.h>
42 +
43 +#ifdef __cplusplus
44 +extern "C" {
45 +#endif /* __cplusplus */
46 +
47 +XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr
48 +xmlSecMSCryptoAppliedKeysMngrCreate(
49 + HCERTSTORE keyStore ,
50 + HCERTSTORE certStore
51 +) ;
52 +
53 +XMLSEC_CRYPTO_EXPORT int
54 +xmlSecMSCryptoAppliedKeysMngrSymKeyLoad(
55 + xmlSecKeysMngrPtr mngr ,
56 + HCRYPTKEY symKey
57 +) ;
58 +
59 +XMLSEC_CRYPTO_EXPORT int
60 +xmlSecMSCryptoAppliedKeysMngrPubKeyLoad(
61 + xmlSecKeysMngrPtr mngr ,
62 + HCRYPTKEY pubKey
63 +) ;
64 +
65 +XMLSEC_CRYPTO_EXPORT int
66 +xmlSecMSCryptoAppliedKeysMngrPriKeyLoad(
67 + xmlSecKeysMngrPtr mngr ,
68 + HCRYPTKEY priKey
69 +) ;
70 +
71 +XMLSEC_CRYPTO_EXPORT int
72 +xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore (
73 + xmlSecKeysMngrPtr mngr ,
74 + HCERTSTORE keyStore
75 +) ;
76 +
77 +XMLSEC_CRYPTO_EXPORT int
78 +xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore (
79 + xmlSecKeysMngrPtr mngr ,
80 + HCERTSTORE trustedStore
81 +) ;
82 +
83 +XMLSEC_CRYPTO_EXPORT int
84 +xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore (
85 + xmlSecKeysMngrPtr mngr ,
86 + HCERTSTORE untrustedStore
87 +) ;
88 +
89 +#ifdef __cplusplus
90 +}
91 +#endif /* __cplusplus */
92 +
93 +#endif /* __XMLSEC_MSCRYPTO_AKMNGR_H__ */
94 +
95 +
96 --- misc/xmlsec1-1.2.14/include/xmlsec/nss/Makefile.am 2009-06-25 22:53:18.000000000 +0200
97 +++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/Makefile.am 2009-09-21 14:02:48.577933031 +0200
98 @@ -10,6 +10,9 @@
99 keysstore.h \
100 pkikeys.h \
101 x509.h \
102 +akmngr.h \
103 +tokens.h \
104 +ciphers.h \
105 $(NULL)
107 install-exec-hook:
108 --- misc/xmlsec1-1.2.14/include/xmlsec/nss/Makefile.in 2009-06-25 22:53:31.000000000 +0200
109 +++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/Makefile.in 2009-09-21 14:02:48.585376325 +0200
110 @@ -288,6 +288,9 @@
111 keysstore.h \
112 pkikeys.h \
113 x509.h \
114 +akmngr.h \
115 +tokens.h \
116 +ciphers.h \
117 $(NULL)
119 all: all-am
120 --- misc/xmlsec1-1.2.14/include/xmlsec/nss/akmngr.h 2009-09-21 14:07:19.105517659 +0200
121 +++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/akmngr.h 2009-09-21 14:02:48.510978278 +0200
122 @@ -1 +1,56 @@
123 -dummy
124 +/**
125 + * XMLSec library
126 + *
127 + * This is free software; see Copyright file in the source
128 + * distribution for preciese wording.
129 + *
130 + * Copyright ..........................
131 + */
132 +#ifndef __XMLSEC_NSS_AKMNGR_H__
133 +#define __XMLSEC_NSS_AKMNGR_H__
134 +
135 +#include <nss.h>
136 +#include <nspr.h>
137 +#include <pk11func.h>
138 +#include <cert.h>
139 +
140 +#include <xmlsec/xmlsec.h>
141 +#include <xmlsec/keys.h>
142 +#include <xmlsec/transforms.h>
143 +
144 +#ifdef __cplusplus
145 +extern "C" {
146 +#endif /* __cplusplus */
147 +
148 +XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr
149 +xmlSecNssAppliedKeysMngrCreate(
150 + PK11SlotInfo** slots,
151 + int cSlots,
152 + CERTCertDBHandle* handler
153 +) ;
154 +
155 +XMLSEC_CRYPTO_EXPORT int
156 +xmlSecNssAppliedKeysMngrSymKeyLoad(
157 + xmlSecKeysMngrPtr mngr ,
158 + PK11SymKey* symKey
159 +) ;
160 +
161 +XMLSEC_CRYPTO_EXPORT int
162 +xmlSecNssAppliedKeysMngrPubKeyLoad(
163 + xmlSecKeysMngrPtr mngr ,
164 + SECKEYPublicKey* pubKey
165 +) ;
166 +
167 +XMLSEC_CRYPTO_EXPORT int
168 +xmlSecNssAppliedKeysMngrPriKeyLoad(
169 + xmlSecKeysMngrPtr mngr ,
170 + SECKEYPrivateKey* priKey
171 +) ;
172 +
173 +#ifdef __cplusplus
174 +}
175 +#endif /* __cplusplus */
176 +
177 +#endif /* __XMLSEC_NSS_AKMNGR_H__ */
178 +
179 +
180 --- misc/xmlsec1-1.2.14/include/xmlsec/nss/app.h 2009-06-25 22:53:18.000000000 +0200
181 +++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/app.h 2009-09-21 14:02:48.612847068 +0200
182 @@ -22,6 +22,9 @@
183 #include <xmlsec/keysmngr.h>
184 #include <xmlsec/transforms.h>
186 +#include <xmlsec/nss/tokens.h>
187 +#include <xmlsec/nss/akmngr.h>
188 +
189 /**
190 * Init/shutdown
191 */
192 @@ -36,6 +39,8 @@
193 xmlSecKeyPtr key);
194 XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrLoad (xmlSecKeysMngrPtr mngr,
195 const char* uri);
196 +XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKeySlot(xmlSecKeysMngrPtr mngr,
197 + xmlSecNssKeySlotPtr keySlot);
198 XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrSave (xmlSecKeysMngrPtr mngr,
199 const char* filename,
200 xmlSecKeyDataType type);
201 --- misc/xmlsec1-1.2.14/include/xmlsec/nss/ciphers.h 2009-09-21 14:07:19.146496548 +0200
202 +++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/ciphers.h 2009-09-21 14:02:48.516689712 +0200
203 @@ -1 +1,35 @@
204 -dummy
205 +/**
206 + * XMLSec library
207 + *
208 + * This is free software; see Copyright file in the source
209 + * distribution for preciese wording.
210 + *
211 + * Copyright ..........................
212 + */
213 +#ifndef __XMLSEC_NSS_CIPHERS_H__
214 +#define __XMLSEC_NSS_CIPHERS_H__
215 +
216 +#ifdef __cplusplus
217 +extern "C" {
218 +#endif /* __cplusplus */
219 +
220 +#include <xmlsec/xmlsec.h>
221 +#include <xmlsec/keys.h>
222 +#include <xmlsec/transforms.h>
223 +
224 +
225 +XMLSEC_CRYPTO_EXPORT int xmlSecNssSymKeyDataAdoptKey( xmlSecKeyDataPtr data,
226 + PK11SymKey* symkey ) ;
227 +
228 +XMLSEC_CRYPTO_EXPORT xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt( PK11SymKey* symKey ) ;
229 +
230 +XMLSEC_CRYPTO_EXPORT PK11SymKey* xmlSecNssSymKeyDataGetKey(xmlSecKeyDataPtr data);
231 +
232 +
233 +#ifdef __cplusplus
234 +}
235 +#endif /* __cplusplus */
236 +
237 +#endif /* __XMLSEC_NSS_CIPHERS_H__ */
238 +
239 +
240 --- misc/xmlsec1-1.2.14/include/xmlsec/nss/keysstore.h 2009-06-25 22:53:18.000000000 +0200
241 +++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/keysstore.h 2009-09-21 14:02:48.626261748 +0200
242 @@ -16,6 +16,8 @@
243 #endif /* __cplusplus */
245 #include <xmlsec/xmlsec.h>
246 +#include <xmlsec/keysmngr.h>
247 +#include <xmlsec/nss/tokens.h>
249 /****************************************************************************
250 *
251 @@ -31,6 +33,8 @@
252 XMLSEC_CRYPTO_EXPORT xmlSecKeyStoreId xmlSecNssKeysStoreGetKlass (void);
253 XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKey (xmlSecKeyStorePtr store,
254 xmlSecKeyPtr key);
255 +XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKeySlot(xmlSecKeyStorePtr store,
256 + xmlSecNssKeySlotPtr keySlot);
257 XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreLoad (xmlSecKeyStorePtr store,
258 const char *uri,
259 xmlSecKeysMngrPtr keysMngr);
260 --- misc/xmlsec1-1.2.14/include/xmlsec/nss/tokens.h 2009-09-21 14:07:19.172421448 +0200
261 +++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/tokens.h 2009-09-21 14:02:48.522913605 +0200
262 @@ -1 +1,182 @@
263 -dummy
264 +/**
265 + * XMLSec library
266 + *
267 + * This is free software; see Copyright file in the source
268 + * distribution for preciese wording.
269 + *
270 + * Copyright (c) 2003 Sun Microsystems, Inc. All rights reserved.
271 + *
272 + * Contributor(s): _____________________________
273 + *
274 + */
275 +#ifndef __XMLSEC_NSS_TOKENS_H__
276 +#define __XMLSEC_NSS_TOKENS_H__
277 +
278 +#include <string.h>
279 +
280 +#include <nss.h>
281 +#include <pk11func.h>
282 +
283 +#include <xmlsec/xmlsec.h>
284 +#include <xmlsec/list.h>
285 +
286 +#ifdef __cplusplus
287 +extern "C" {
288 +#endif /* __cplusplus */
289 +
290 +/**
291 + * xmlSecNssKeySlotListId
292 + *
293 + * The crypto mechanism list klass
294 + */
295 +#define xmlSecNssKeySlotListId xmlSecNssKeySlotListGetKlass()
296 +XMLSEC_CRYPTO_EXPORT xmlSecPtrListId xmlSecNssKeySlotListGetKlass( void ) ;
297 +
298 +/*******************************************
299 + * KeySlot interfaces
300 + *******************************************/
301 +/**
302 + * Internal NSS key slot data
303 + * @mechanismList: the mechanisms that the slot bound with.
304 + * @slot: the pkcs slot
305 + *
306 + * This context is located after xmlSecPtrList
307 + */
308 +typedef struct _xmlSecNssKeySlot xmlSecNssKeySlot ;
309 +typedef struct _xmlSecNssKeySlot* xmlSecNssKeySlotPtr ;
310 +
311 +struct _xmlSecNssKeySlot {
312 + CK_MECHANISM_TYPE_PTR mechanismList ; /* mech. array, NULL ternimated */
313 + PK11SlotInfo* slot ;
314 +} ;
315 +
316 +XMLSEC_CRYPTO_EXPORT int
317 +xmlSecNssKeySlotSetMechList(
318 + xmlSecNssKeySlotPtr keySlot ,
319 + CK_MECHANISM_TYPE_PTR mechanismList
320 +) ;
321 +
322 +XMLSEC_CRYPTO_EXPORT int
323 +xmlSecNssKeySlotEnableMech(
324 + xmlSecNssKeySlotPtr keySlot ,
325 + CK_MECHANISM_TYPE mechanism
326 +) ;
327 +
328 +XMLSEC_CRYPTO_EXPORT int
329 +xmlSecNssKeySlotDisableMech(
330 + xmlSecNssKeySlotPtr keySlot ,
331 + CK_MECHANISM_TYPE mechanism
332 +) ;
333 +
334 +XMLSEC_CRYPTO_EXPORT CK_MECHANISM_TYPE_PTR
335 +xmlSecNssKeySlotGetMechList(
336 + xmlSecNssKeySlotPtr keySlot
337 +) ;
338 +
339 +XMLSEC_CRYPTO_EXPORT int
340 +xmlSecNssKeySlotSetSlot(
341 + xmlSecNssKeySlotPtr keySlot ,
342 + PK11SlotInfo* slot
343 +) ;
344 +
345 +XMLSEC_CRYPTO_EXPORT int
346 +xmlSecNssKeySlotInitialize(
347 + xmlSecNssKeySlotPtr keySlot ,
348 + PK11SlotInfo* slot
349 +) ;
350 +
351 +XMLSEC_CRYPTO_EXPORT void
352 +xmlSecNssKeySlotFinalize(
353 + xmlSecNssKeySlotPtr keySlot
354 +) ;
355 +
356 +XMLSEC_CRYPTO_EXPORT PK11SlotInfo*
357 +xmlSecNssKeySlotGetSlot(
358 + xmlSecNssKeySlotPtr keySlot
359 +) ;
360 +
361 +XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr
362 +xmlSecNssKeySlotCreate() ;
363 +
364 +XMLSEC_CRYPTO_EXPORT int
365 +xmlSecNssKeySlotCopy(
366 + xmlSecNssKeySlotPtr newKeySlot ,
367 + xmlSecNssKeySlotPtr keySlot
368 +) ;
369 +
370 +XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr
371 +xmlSecNssKeySlotDuplicate(
372 + xmlSecNssKeySlotPtr keySlot
373 +) ;
374 +
375 +XMLSEC_CRYPTO_EXPORT void
376 +xmlSecNssKeySlotDestroy(
377 + xmlSecNssKeySlotPtr keySlot
378 +) ;
379 +
380 +XMLSEC_CRYPTO_EXPORT int
381 +xmlSecNssKeySlotBindMech(
382 + xmlSecNssKeySlotPtr keySlot ,
383 + CK_MECHANISM_TYPE type
384 +) ;
385 +
386 +XMLSEC_CRYPTO_EXPORT int
387 +xmlSecNssKeySlotSupportMech(
388 + xmlSecNssKeySlotPtr keySlot ,
389 + CK_MECHANISM_TYPE type
390 +) ;
391 +
392 +
393 +/************************************************************************
394 + * PKCS#11 crypto token interfaces
395 + *
396 + * A PKCS#11 slot repository will be defined internally. From the
397 + * repository, a user can specify a particular slot for a certain crypto
398 + * mechanism.
399 + *
400 + * In some situation, some cryptographic operation should act in a user
401 + * designated devices. The interfaces defined here provide the way. If
402 + * the user do not initialize the repository distinctly, the interfaces
403 + * use the default functions provided by NSS itself.
404 + *
405 + ************************************************************************/
406 +/**
407 + * Initialize NSS pkcs#11 slot repository
408 + *
409 + * Returns 0 if success or -1 if an error occurs.
410 + */
411 +XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotInitialize( void ) ;
412 +
413 +/**
414 + * Shutdown and destroy NSS pkcs#11 slot repository
415 + */
416 +XMLSEC_CRYPTO_EXPORT void xmlSecNssSlotShutdown() ;
417 +
418 +/**
419 + * Get PKCS#11 slot handler
420 + * @type the mechanism that the slot must support.
421 + *
422 + * Returns a pointer to PKCS#11 slot or NULL if an error occurs.
423 + *
424 + * Notes: The returned handler must be destroied distinctly.
425 + */
426 +XMLSEC_CRYPTO_EXPORT PK11SlotInfo* xmlSecNssSlotGet( CK_MECHANISM_TYPE type ) ;
427 +
428 +/**
429 + * Adopt a pkcs#11 slot with a mechanism into the repository
430 + * @slot: the pkcs#11 slot.
431 + * @mech: the mechanism.
432 + *
433 + * If @mech is available( @mech != CKM_INVALID_MECHANISM ), every operation with
434 + * this mechanism only can perform on the @slot.
435 + *
436 + * Returns 0 if success or -1 if an error occurs.
437 + */
438 +XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotAdopt( PK11SlotInfo* slot, CK_MECHANISM_TYPE mech ) ;
439 +
440 +#ifdef __cplusplus
441 +}
442 +#endif /* __cplusplus */
443 +
444 +#endif /* __XMLSEC_NSS_TOKENS_H__ */
445 +
446 --- misc/xmlsec1-1.2.14/src/mscrypto/akmngr.c 2009-09-21 14:07:19.078910929 +0200
447 +++ misc/build/xmlsec1-1.2.14/src/mscrypto/akmngr.c 2009-09-21 14:02:48.531281225 +0200
448 @@ -1 +1,236 @@
449 -dummy
450 +/**
451 + * XMLSec library
452 + *
453 + * This is free software; see Copyright file in the source
454 + * distribution for preciese wording.
455 + *
456 + * Copyright.........................
457 + */
458 +#include "globals.h"
459 +
460 +#include <xmlsec/xmlsec.h>
461 +#include <xmlsec/keys.h>
462 +#include <xmlsec/keysmngr.h>
463 +#include <xmlsec/transforms.h>
464 +#include <xmlsec/errors.h>
465 +
466 +#include <xmlsec/mscrypto/crypto.h>
467 +#include <xmlsec/mscrypto/keysstore.h>
468 +#include <xmlsec/mscrypto/akmngr.h>
469 +#include <xmlsec/mscrypto/x509.h>
470 +
471 +/**
472 + * xmlSecMSCryptoAppliedKeysMngrCreate:
473 + * @hKeyStore: the pointer to key store.
474 + * @hCertStore: the pointer to certificate database.
475 + *
476 + * Create and load key store and certificate database into keys manager
477 + *
478 + * Returns keys manager pointer on success or NULL otherwise.
479 + */
480 +xmlSecKeysMngrPtr
481 +xmlSecMSCryptoAppliedKeysMngrCreate(
482 + HCERTSTORE hKeyStore ,
483 + HCERTSTORE hCertStore
484 +) {
485 + xmlSecKeyDataStorePtr certStore = NULL ;
486 + xmlSecKeysMngrPtr keyMngr = NULL ;
487 + xmlSecKeyStorePtr keyStore = NULL ;
488 +
489 + keyStore = xmlSecKeyStoreCreate( xmlSecMSCryptoKeysStoreId ) ;
490 + if( keyStore == NULL ) {
491 + xmlSecError( XMLSEC_ERRORS_HERE ,
492 + NULL ,
493 + "xmlSecKeyStoreCreate" ,
494 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
495 + XMLSEC_ERRORS_NO_MESSAGE ) ;
496 + return NULL ;
497 + }
498 +
499 + /*-
500 + * At present, MS Crypto engine do not provide a way to setup a key store.
501 + */
502 + if( keyStore != NULL ) {
503 + /*TODO: binding key store.*/
504 + }
505 +
506 + keyMngr = xmlSecKeysMngrCreate() ;
507 + if( keyMngr == NULL ) {
508 + xmlSecError( XMLSEC_ERRORS_HERE ,
509 + NULL ,
510 + "xmlSecKeysMngrCreate" ,
511 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
512 + XMLSEC_ERRORS_NO_MESSAGE ) ;
513 +
514 + xmlSecKeyStoreDestroy( keyStore ) ;
515 + return NULL ;
516 + }
517 +
518 + /*-
519 + * Add key store to manager, from now on keys manager destroys the store if
520 + * needed
521 + */
522 + if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) {
523 + xmlSecError( XMLSEC_ERRORS_HERE ,
524 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
525 + "xmlSecKeysMngrAdoptKeyStore" ,
526 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
527 + XMLSEC_ERRORS_NO_MESSAGE ) ;
528 +
529 + xmlSecKeyStoreDestroy( keyStore ) ;
530 + xmlSecKeysMngrDestroy( keyMngr ) ;
531 + return NULL ;
532 + }
533 +
534 + /*-
535 + * Initialize crypto library specific data in keys manager
536 + */
537 + if( xmlSecMSCryptoKeysMngrInit( keyMngr ) < 0 ) {
538 + xmlSecError( XMLSEC_ERRORS_HERE ,
539 + NULL ,
540 + "xmlSecMSCryptoKeysMngrInit" ,
541 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
542 + XMLSEC_ERRORS_NO_MESSAGE ) ;
543 +
544 + xmlSecKeysMngrDestroy( keyMngr ) ;
545 + return NULL ;
546 + }
547 +
548 + /*-
549 + * Set certificate databse to X509 key data store
550 + */
551 + /*-
552 + * At present, MS Crypto engine do not provide a way to setup a cert store.
553 + */
554 +
555 + /*-
556 + * Set the getKey callback
557 + */
558 + keyMngr->getKey = xmlSecKeysMngrGetKey ;
559 +
560 + return keyMngr ;
561 +}
562 +
563 +int
564 +xmlSecMSCryptoAppliedKeysMngrSymKeyLoad(
565 + xmlSecKeysMngrPtr mngr ,
566 + HCRYPTKEY symKey
567 +) {
568 + /*TODO: import the key into keys manager.*/
569 + return(0) ;
570 +}
571 +
572 +int
573 +xmlSecMSCryptoAppliedKeysMngrPubKeyLoad(
574 + xmlSecKeysMngrPtr mngr ,
575 + HCRYPTKEY pubKey
576 +) {
577 + /*TODO: import the key into keys manager.*/
578 + return(0) ;
579 +}
580 +
581 +int
582 +xmlSecMSCryptoAppliedKeysMngrPriKeyLoad(
583 + xmlSecKeysMngrPtr mngr ,
584 + HCRYPTKEY priKey
585 +) {
586 + /*TODO: import the key into keys manager.*/
587 + return(0) ;
588 +}
589 +
590 +int
591 +xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore (
592 + xmlSecKeysMngrPtr mngr ,
593 + HCERTSTORE keyStore
594 +) {
595 + xmlSecKeyDataStorePtr x509Store ;
596 +
597 + xmlSecAssert2( mngr != NULL, -1 ) ;
598 + xmlSecAssert2( keyStore != NULL, -1 ) ;
599 +
600 + x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
601 + if( x509Store == NULL ) {
602 + xmlSecError( XMLSEC_ERRORS_HERE ,
603 + NULL ,
604 + "xmlSecKeysMngrGetDataStore" ,
605 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
606 + XMLSEC_ERRORS_NO_MESSAGE ) ;
607 + return( -1 ) ;
608 + }
609 +
610 + if( xmlSecMSCryptoX509StoreAdoptKeyStore( x509Store, keyStore ) < 0 ) {
611 + xmlSecError( XMLSEC_ERRORS_HERE ,
612 + xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
613 + "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
614 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
615 + XMLSEC_ERRORS_NO_MESSAGE ) ;
616 + return( -1 ) ;
617 + }
618 +
619 + return( 0 ) ;
620 +}
621 +
622 +int
623 +xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore (
624 + xmlSecKeysMngrPtr mngr ,
625 + HCERTSTORE trustedStore
626 +) {
627 + xmlSecKeyDataStorePtr x509Store ;
628 +
629 + xmlSecAssert2( mngr != NULL, -1 ) ;
630 + xmlSecAssert2( trustedStore != NULL, -1 ) ;
631 +
632 + x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
633 + if( x509Store == NULL ) {
634 + xmlSecError( XMLSEC_ERRORS_HERE ,
635 + NULL ,
636 + "xmlSecKeysMngrGetDataStore" ,
637 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
638 + XMLSEC_ERRORS_NO_MESSAGE ) ;
639 + return( -1 ) ;
640 + }
641 +
642 + if( xmlSecMSCryptoX509StoreAdoptTrustedStore( x509Store, trustedStore ) < 0 ) {
643 + xmlSecError( XMLSEC_ERRORS_HERE ,
644 + xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
645 + "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
646 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
647 + XMLSEC_ERRORS_NO_MESSAGE ) ;
648 + return( -1 ) ;
649 + }
650 +
651 + return( 0 ) ;
652 +}
653 +
654 +int
655 +xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore (
656 + xmlSecKeysMngrPtr mngr ,
657 + HCERTSTORE untrustedStore
658 +) {
659 + xmlSecKeyDataStorePtr x509Store ;
660 +
661 + xmlSecAssert2( mngr != NULL, -1 ) ;
662 + xmlSecAssert2( untrustedStore != NULL, -1 ) ;
663 +
664 + x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
665 + if( x509Store == NULL ) {
666 + xmlSecError( XMLSEC_ERRORS_HERE ,
667 + NULL ,
668 + "xmlSecKeysMngrGetDataStore" ,
669 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
670 + XMLSEC_ERRORS_NO_MESSAGE ) ;
671 + return( -1 ) ;
672 + }
673 +
674 + if( xmlSecMSCryptoX509StoreAdoptUntrustedStore( x509Store, untrustedStore ) < 0 ) {
675 + xmlSecError( XMLSEC_ERRORS_HERE ,
676 + xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
677 + "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
678 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
679 + XMLSEC_ERRORS_NO_MESSAGE ) ;
680 + return( -1 ) ;
681 + }
682 +
683 + return( 0 ) ;
684 +}
685 +
686 --- misc/xmlsec1-1.2.14/src/nss/Makefile.am 2009-06-25 22:53:18.000000000 +0200
687 +++ misc/build/xmlsec1-1.2.14/src/nss/Makefile.am 2009-09-21 14:02:48.591560472 +0200
688 @@ -35,6 +35,9 @@
689 kw_des.c \
690 kw_aes.c \
691 globals.h \
692 + akmngr.c \
693 + keywrapers.c \
694 + tokens.c \
695 $(NULL)
697 if SHAREDLIB_HACK
698 --- misc/xmlsec1-1.2.14/src/nss/Makefile.in 2009-06-25 22:53:33.000000000 +0200
699 +++ misc/build/xmlsec1-1.2.14/src/nss/Makefile.in 2009-09-21 14:02:48.599339718 +0200
700 @@ -72,7 +72,8 @@
701 am__libxmlsec1_nss_la_SOURCES_DIST = app.c bignum.c ciphers.c crypto.c \
702 digests.c hmac.c pkikeys.c signatures.c symkeys.c x509.c \
703 x509vfy.c keysstore.c keytrans.c kw_des.c kw_aes.c globals.h \
704 - ../strings.c
705 + ../strings.c \
706 + akmngr.c keywrapers.c tokens.c
707 am__objects_1 =
708 @SHAREDLIB_HACK_TRUE@am__objects_2 = libxmlsec1_nss_la-strings.lo
709 am_libxmlsec1_nss_la_OBJECTS = libxmlsec1_nss_la-app.lo \
710 @@ -83,6 +84,8 @@
711 libxmlsec1_nss_la-x509.lo libxmlsec1_nss_la-x509vfy.lo \
712 libxmlsec1_nss_la-keysstore.lo libxmlsec1_nss_la-keytrans.lo \
713 libxmlsec1_nss_la-kw_des.lo libxmlsec1_nss_la-kw_aes.lo \
714 + libxmlsec1_nss_la-akmngr.lo libxmlsec1_nss_la-keywrapers.lo \
715 + libxmlsec1_nss_la-tokens.lo \
716 $(am__objects_1) $(am__objects_2)
717 libxmlsec1_nss_la_OBJECTS = $(am_libxmlsec1_nss_la_OBJECTS)
718 libxmlsec1_nss_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
719 @@ -333,6 +336,7 @@
720 libxmlsec1_nss_la_SOURCES = app.c bignum.c ciphers.c crypto.c \
721 digests.c hmac.c pkikeys.c signatures.c symkeys.c x509.c \
722 x509vfy.c keysstore.c keytrans.c kw_des.c kw_aes.c globals.h \
723 + akmngr.c keywrapers.c tokens.c \
724 $(NULL) $(am__append_1)
725 libxmlsec1_nss_la_LIBADD = \
726 ../libxmlsec1.la \
727 @@ -439,6 +443,9 @@
728 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-symkeys.Plo@am__quote@
729 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-x509.Plo@am__quote@
730 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-x509vfy.Plo@am__quote@
731 +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-akmngr.Plo@am__quote@
732 +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Plo@am__quote@
733 +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-tokens.Plo@am__quote@
735 .c.o:
736 @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
737 @@ -468,6 +475,27 @@
738 @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
739 @am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c
741 +libxmlsec1_nss_la-akmngr.lo: akmngr.c
742 +@am__fastdepCC_TRUE@ if $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-akmngr.lo -MD -MP -MF "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo" -c -o libxmlsec1_nss_la-akmngr.lo `test -f 'akmngr.c' || echo '$(srcdir)/'`akmngr.c; \
743 +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo" "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Plo"; else rm -f "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo"; exit 1; fi
744 +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='akmngr.c' object='libxmlsec1_nss_la-akmngr.lo' libtool=yes @AMDEPBACKSLASH@
745 +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
746 +@am__fastdepCC_FALSE@ $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-akmngr.lo `test -f 'akmngr.c' || echo '$(srcdir)/'`akmngr.c
747 +
748 +libxmlsec1_nss_la-keywrapers.lo: keywrapers.c
749 +@am__fastdepCC_TRUE@ if $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-keywrapers.lo -MD -MP -MF "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Tpo" -c -o libxmlsec1_nss_la-keywrapers.lo `test -f 'keywrapers.c' || echo '$(srcdir)/'`keywrapers.c; \
750 +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Tpo" "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Plo"; else rm -f "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Tpo"; exit 1; fi
751 +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='keywrapers.c' object='libxmlsec1_nss_la-keywrapers.lo' libtool=yes @AMDEPBACKSLASH@
752 +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
753 +@am__fastdepCC_FALSE@ $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-keywrapers.lo `test -f 'keywrapers.c' || echo '$(srcdir)/'`keywrapers.c
754 +
755 +libxmlsec1_nss_la-tokens.lo: tokens.c
756 +@am__fastdepCC_TRUE@ if $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-tokens.lo -MD -MP -MF "$(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo" -c -o libxmlsec1_nss_la-tokens.lo `test -f 'tokens.c' || echo '$(srcdir)/'`tokens.c; \
757 +@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo" "$(DEPDIR)/libxmlsec1_nss_la-tokens.Plo"; else rm -f "$(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo"; exit 1; fi
758 +@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tokens.c' object='libxmlsec1_nss_la-tokens.lo' libtool=yes @AMDEPBACKSLASH@
759 +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
760 +@am__fastdepCC_FALSE@ $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-tokens.lo `test -f 'tokens.c' || echo '$(srcdir)/'`tokens.c
761 +
762 libxmlsec1_nss_la-bignum.lo: bignum.c
763 @am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-bignum.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo -c -o libxmlsec1_nss_la-bignum.lo `test -f 'bignum.c' || echo '$(srcdir)/'`bignum.c
764 @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo $(DEPDIR)/libxmlsec1_nss_la-bignum.Plo
765 --- misc/xmlsec1-1.2.14/src/nss/akmngr.c 2009-09-21 14:07:19.197249962 +0200
766 +++ misc/build/xmlsec1-1.2.14/src/nss/akmngr.c 2009-09-21 14:02:48.539616129 +0200
767 @@ -1 +1,384 @@
768 -dummy
769 +/**
770 + * XMLSec library
771 + *
772 + * This is free software; see Copyright file in the source
773 + * distribution for preciese wording.
774 + *
775 + * Copyright.........................
776 + */
777 +#include "globals.h"
778 +
779 +#include <nspr.h>
780 +#include <nss.h>
781 +#include <pk11func.h>
782 +#include <cert.h>
783 +#include <keyhi.h>
784 +
785 +#include <xmlsec/xmlsec.h>
786 +#include <xmlsec/keys.h>
787 +#include <xmlsec/transforms.h>
788 +#include <xmlsec/errors.h>
789 +
790 +#include <xmlsec/nss/crypto.h>
791 +#include <xmlsec/nss/tokens.h>
792 +#include <xmlsec/nss/akmngr.h>
793 +#include <xmlsec/nss/pkikeys.h>
794 +#include <xmlsec/nss/ciphers.h>
795 +#include <xmlsec/nss/keysstore.h>
796 +
797 +/**
798 + * xmlSecNssAppliedKeysMngrCreate:
799 + * @slot: array of pointers to NSS PKCS#11 slot infomation.
800 + * @cSlots: number of slots in the array
801 + * @handler: the pointer to NSS certificate database.
802 + *
803 + * Create and load NSS crypto slot and certificate database into keys manager
804 + *
805 + * Returns keys manager pointer on success or NULL otherwise.
806 + */
807 +xmlSecKeysMngrPtr
808 +xmlSecNssAppliedKeysMngrCreate(
809 + PK11SlotInfo** slots,
810 + int cSlots,
811 + CERTCertDBHandle* handler
812 +) {
813 + xmlSecKeyDataStorePtr certStore = NULL ;
814 + xmlSecKeysMngrPtr keyMngr = NULL ;
815 + xmlSecKeyStorePtr keyStore = NULL ;
816 + int islot = 0;
817 + keyStore = xmlSecKeyStoreCreate( xmlSecNssKeysStoreId ) ;
818 + if( keyStore == NULL ) {
819 + xmlSecError( XMLSEC_ERRORS_HERE ,
820 + NULL ,
821 + "xmlSecKeyStoreCreate" ,
822 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
823 + XMLSEC_ERRORS_NO_MESSAGE ) ;
824 + return NULL ;
825 + }
826 +
827 + for (islot = 0; islot < cSlots; islot++)
828 + {
829 + xmlSecNssKeySlotPtr keySlot ;
830 +
831 + /* Create a key slot */
832 + keySlot = xmlSecNssKeySlotCreate() ;
833 + if( keySlot == NULL ) {
834 + xmlSecError( XMLSEC_ERRORS_HERE ,
835 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
836 + "xmlSecNssKeySlotCreate" ,
837 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
838 + XMLSEC_ERRORS_NO_MESSAGE ) ;
839 +
840 + xmlSecKeyStoreDestroy( keyStore ) ;
841 + return NULL ;
842 + }
843 +
844 + /* Set slot */
845 + if( xmlSecNssKeySlotSetSlot( keySlot , slots[islot] ) < 0 ) {
846 + xmlSecError( XMLSEC_ERRORS_HERE ,
847 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
848 + "xmlSecNssKeySlotSetSlot" ,
849 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
850 + XMLSEC_ERRORS_NO_MESSAGE ) ;
851 +
852 + xmlSecKeyStoreDestroy( keyStore ) ;
853 + xmlSecNssKeySlotDestroy( keySlot ) ;
854 + return NULL ;
855 + }
856 +
857 + /* Adopt keySlot */
858 + if( xmlSecNssKeysStoreAdoptKeySlot( keyStore , keySlot ) < 0 ) {
859 + xmlSecError( XMLSEC_ERRORS_HERE ,
860 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
861 + "xmlSecNssKeysStoreAdoptKeySlot" ,
862 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
863 + XMLSEC_ERRORS_NO_MESSAGE ) ;
864 +
865 + xmlSecKeyStoreDestroy( keyStore ) ;
866 + xmlSecNssKeySlotDestroy( keySlot ) ;
867 + return NULL ;
868 + }
869 + }
870 +
871 + keyMngr = xmlSecKeysMngrCreate() ;
872 + if( keyMngr == NULL ) {
873 + xmlSecError( XMLSEC_ERRORS_HERE ,
874 + NULL ,
875 + "xmlSecKeysMngrCreate" ,
876 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
877 + XMLSEC_ERRORS_NO_MESSAGE ) ;
878 +
879 + xmlSecKeyStoreDestroy( keyStore ) ;
880 + return NULL ;
881 + }
882 +
883 + /*-
884 + * Add key store to manager, from now on keys manager destroys the store if
885 + * needed
886 + */
887 + if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) {
888 + xmlSecError( XMLSEC_ERRORS_HERE ,
889 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
890 + "xmlSecKeysMngrAdoptKeyStore" ,
891 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
892 + XMLSEC_ERRORS_NO_MESSAGE ) ;
893 +
894 + xmlSecKeyStoreDestroy( keyStore ) ;
895 + xmlSecKeysMngrDestroy( keyMngr ) ;
896 + return NULL ;
897 + }
898 +
899 + /*-
900 + * Initialize crypto library specific data in keys manager
901 + */
902 + if( xmlSecNssKeysMngrInit( keyMngr ) < 0 ) {
903 + xmlSecError( XMLSEC_ERRORS_HERE ,
904 + NULL ,
905 + "xmlSecKeysMngrCreate" ,
906 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
907 + XMLSEC_ERRORS_NO_MESSAGE ) ;
908 +
909 + xmlSecKeysMngrDestroy( keyMngr ) ;
910 + return NULL ;
911 + }
912 +
913 + /*-
914 + * Set certificate databse to X509 key data store
915 + */
916 + /**
917 + * Because Tej's implementation of certDB use the default DB, so I ignore
918 + * the certDB handler at present. I'll modify the cert store sources to
919 + * accept particular certDB instead of default ones.
920 + certStore = xmlSecKeysMngrGetDataStore( keyMngr , xmlSecNssKeyDataStoreX509Id ) ;
921 + if( certStore == NULL ) {
922 + xmlSecError( XMLSEC_ERRORS_HERE ,
923 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
924 + "xmlSecKeysMngrGetDataStore" ,
925 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
926 + XMLSEC_ERRORS_NO_MESSAGE ) ;
927 +
928 + xmlSecKeysMngrDestroy( keyMngr ) ;
929 + return NULL ;
930 + }
931 +
932 + if( xmlSecNssKeyDataStoreX509SetCertDb( certStore , handler ) < 0 ) {
933 + xmlSecError( XMLSEC_ERRORS_HERE ,
934 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
935 + "xmlSecNssKeyDataStoreX509SetCertDb" ,
936 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
937 + XMLSEC_ERRORS_NO_MESSAGE ) ;
938 +
939 + xmlSecKeysMngrDestroy( keyMngr ) ;
940 + return NULL ;
941 + }
942 + */
943 +
944 + /*-
945 + * Set the getKey callback
946 + */
947 + keyMngr->getKey = xmlSecKeysMngrGetKey ;
948 +
949 + return keyMngr ;
950 +}
951 +
952 +int
953 +xmlSecNssAppliedKeysMngrSymKeyLoad(
954 + xmlSecKeysMngrPtr mngr ,
955 + PK11SymKey* symKey
956 +) {
957 + xmlSecKeyPtr key ;
958 + xmlSecKeyDataPtr data ;
959 + xmlSecKeyStorePtr keyStore ;
960 +
961 + xmlSecAssert2( mngr != NULL , -1 ) ;
962 + xmlSecAssert2( symKey != NULL , -1 ) ;
963 +
964 + keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
965 + if( keyStore == NULL ) {
966 + xmlSecError( XMLSEC_ERRORS_HERE ,
967 + NULL ,
968 + "xmlSecKeysMngrGetKeysStore" ,
969 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
970 + XMLSEC_ERRORS_NO_MESSAGE ) ;
971 + return(-1) ;
972 + }
973 + xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
974 +
975 + data = xmlSecNssSymKeyDataKeyAdopt( symKey ) ;
976 + if( data == NULL ) {
977 + xmlSecError( XMLSEC_ERRORS_HERE ,
978 + NULL ,
979 + "xmlSecNssSymKeyDataKeyAdopt" ,
980 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
981 + XMLSEC_ERRORS_NO_MESSAGE ) ;
982 + return(-1) ;
983 + }
984 +
985 + key = xmlSecKeyCreate() ;
986 + if( key == NULL ) {
987 + xmlSecError( XMLSEC_ERRORS_HERE ,
988 + NULL ,
989 + "xmlSecNssSymKeyDataKeyAdopt" ,
990 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
991 + XMLSEC_ERRORS_NO_MESSAGE ) ;
992 + xmlSecKeyDataDestroy( data ) ;
993 + return(-1) ;
994 + }
995 +
996 + if( xmlSecKeySetValue( key , data ) < 0 ) {
997 + xmlSecError( XMLSEC_ERRORS_HERE ,
998 + NULL ,
999 + "xmlSecNssSymKeyDataKeyAdopt" ,
1000 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1001 + XMLSEC_ERRORS_NO_MESSAGE ) ;
1002 + xmlSecKeyDataDestroy( data ) ;
1003 + return(-1) ;
1004 + }
1005 +
1006 + if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
1007 + xmlSecError( XMLSEC_ERRORS_HERE ,
1008 + NULL ,
1009 + "xmlSecNssSymKeyDataKeyAdopt" ,
1010 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1011 + XMLSEC_ERRORS_NO_MESSAGE ) ;
1012 + xmlSecKeyDestroy( key ) ;
1013 + return(-1) ;
1014 + }
1015 +
1016 + return(0) ;
1017 +}
1018 +
1019 +int
1020 +xmlSecNssAppliedKeysMngrPubKeyLoad(
1021 + xmlSecKeysMngrPtr mngr ,
1022 + SECKEYPublicKey* pubKey
1023 +) {
1024 + xmlSecKeyPtr key ;
1025 + xmlSecKeyDataPtr data ;
1026 + xmlSecKeyStorePtr keyStore ;
1027 +
1028 + xmlSecAssert2( mngr != NULL , -1 ) ;
1029 + xmlSecAssert2( pubKey != NULL , -1 ) ;
1030 +
1031 + keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
1032 + if( keyStore == NULL ) {
1033 + xmlSecError( XMLSEC_ERRORS_HERE ,
1034 + NULL ,
1035 + "xmlSecKeysMngrGetKeysStore" ,
1036 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1037 + XMLSEC_ERRORS_NO_MESSAGE ) ;
1038 + return(-1) ;
1039 + }
1040 + xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
1041 +
1042 + data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ;
1043 + if( data == NULL ) {
1044 + xmlSecError( XMLSEC_ERRORS_HERE ,
1045 + NULL ,
1046 + "xmlSecNssPKIAdoptKey" ,
1047 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1048 + XMLSEC_ERRORS_NO_MESSAGE ) ;
1049 + return(-1) ;
1050 + }
1051 +
1052 + key = xmlSecKeyCreate() ;
1053 + if( key == NULL ) {
1054 + xmlSecError( XMLSEC_ERRORS_HERE ,
1055 + NULL ,
1056 + "xmlSecNssSymKeyDataKeyAdopt" ,
1057 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1058 + XMLSEC_ERRORS_NO_MESSAGE ) ;
1059 + xmlSecKeyDataDestroy( data ) ;
1060 + return(-1) ;
1061 + }
1062 +
1063 + if( xmlSecKeySetValue( key , data ) < 0 ) {
1064 + xmlSecError( XMLSEC_ERRORS_HERE ,
1065 + NULL ,
1066 + "xmlSecNssSymKeyDataKeyAdopt" ,
1067 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1068 + XMLSEC_ERRORS_NO_MESSAGE ) ;
1069 + xmlSecKeyDataDestroy( data ) ;
1070 + return(-1) ;
1071 + }
1072 +
1073 + if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
1074 + xmlSecError( XMLSEC_ERRORS_HERE ,
1075 + NULL ,
1076 + "xmlSecNssSymKeyDataKeyAdopt" ,
1077 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1078 + XMLSEC_ERRORS_NO_MESSAGE ) ;
1079 + xmlSecKeyDestroy( key ) ;
1080 + return(-1) ;
1081 + }
1082 +
1083 + return(0) ;
1084 +}
1085 +
1086 +int
1087 +xmlSecNssAppliedKeysMngrPriKeyLoad(
1088 + xmlSecKeysMngrPtr mngr ,
1089 + SECKEYPrivateKey* priKey
1090 +) {
1091 + xmlSecKeyPtr key ;
1092 + xmlSecKeyDataPtr data ;
1093 + xmlSecKeyStorePtr keyStore ;
1094 +
1095 + xmlSecAssert2( mngr != NULL , -1 ) ;
1096 + xmlSecAssert2( priKey != NULL , -1 ) ;
1097 +
1098 + keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
1099 + if( keyStore == NULL ) {
1100 + xmlSecError( XMLSEC_ERRORS_HERE ,
1101 + NULL ,
1102 + "xmlSecKeysMngrGetKeysStore" ,
1103 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1104 + XMLSEC_ERRORS_NO_MESSAGE ) ;
1105 + return(-1) ;
1106 + }
1107 + xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
1108 +
1109 + data = xmlSecNssPKIAdoptKey( priKey, NULL ) ;
1110 + if( data == NULL ) {
1111 + xmlSecError( XMLSEC_ERRORS_HERE ,
1112 + NULL ,
1113 + "xmlSecNssPKIAdoptKey" ,
1114 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1115 + XMLSEC_ERRORS_NO_MESSAGE ) ;
1116 + return(-1) ;
1117 + }
1118 +
1119 + key = xmlSecKeyCreate() ;
1120 + if( key == NULL ) {
1121 + xmlSecError( XMLSEC_ERRORS_HERE ,
1122 + NULL ,
1123 + "xmlSecNssSymKeyDataKeyAdopt" ,
1124 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1125 + XMLSEC_ERRORS_NO_MESSAGE ) ;
1126 + xmlSecKeyDataDestroy( data ) ;
1127 + return(-1) ;
1128 + }
1129 +
1130 + if( xmlSecKeySetValue( key , data ) < 0 ) {
1131 + xmlSecError( XMLSEC_ERRORS_HERE ,
1132 + NULL ,
1133 + "xmlSecNssSymKeyDataKeyAdopt" ,
1134 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1135 + XMLSEC_ERRORS_NO_MESSAGE ) ;
1136 + xmlSecKeyDataDestroy( data ) ;
1137 + return(-1) ;
1138 + }
1139 +
1140 + if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
1141 + xmlSecError( XMLSEC_ERRORS_HERE ,
1142 + NULL ,
1143 + "xmlSecNssSymKeyDataKeyAdopt" ,
1144 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1145 + XMLSEC_ERRORS_NO_MESSAGE ) ;
1146 + xmlSecKeyDestroy( key ) ;
1147 + return(-1) ;
1148 + }
1149 +
1150 + return(0) ;
1151 +}
1152 +
1153 --- misc/xmlsec1-1.2.14/src/nss/hmac.c 2009-06-26 06:18:13.000000000 +0200
1154 +++ misc/build/xmlsec1-1.2.14/src/nss/hmac.c 2009-09-21 14:02:48.649065288 +0200
1155 @@ -23,8 +23,8 @@
1156 #include <xmlsec/transforms.h>
1157 #include <xmlsec/errors.h>
1159 -#include <xmlsec/nss/app.h>
1160 #include <xmlsec/nss/crypto.h>
1161 +#include <xmlsec/nss/tokens.h>
1163 /* sizes in bits */
1164 #define XMLSEC_NSS_MIN_HMAC_SIZE 80
1165 @@ -286,13 +286,13 @@
1166 keyItem.data = xmlSecBufferGetData(buffer);
1167 keyItem.len = xmlSecBufferGetSize(buffer);
1169 - slot = PK11_GetBestSlot(ctx->digestType, NULL);
1170 + slot = xmlSecNssSlotGet(ctx->digestType);
1171 if(slot == NULL) {
1172 xmlSecError(XMLSEC_ERRORS_HERE,
1173 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
1174 - "PK11_GetBestSlot",
1175 + "xmlSecNssSlotGet",
1176 XMLSEC_ERRORS_R_CRYPTO_FAILED,
1177 - XMLSEC_ERRORS_NO_MESSAGE);
1178 + "error code=%d", PORT_GetError());
1179 return(-1);
1180 }
1182 --- misc/xmlsec1-1.2.14/src/nss/keysstore.c 2009-06-25 22:53:18.000000000 +0200
1183 +++ misc/build/xmlsec1-1.2.14/src/nss/keysstore.c 2009-09-21 14:02:48.633533885 +0200
1184 @@ -1,36 +1,56 @@
1185 /**
1186 * XMLSec library
1187 *
1188 - * Nss keys store that uses Simple Keys Store under the hood. Uses the
1189 - * Nss DB as a backing store for the finding keys, but the NSS DB is
1190 - * not written to by the keys store.
1191 - * So, if store->findkey is done and the key is not found in the simple
1192 - * keys store, the NSS DB is looked up.
1193 - * If store is called to adopt a key, that key is not written to the NSS
1194 - * DB.
1195 - * Thus, the NSS DB can be used to pre-load keys and becomes an alternate
1196 - * source of keys for xmlsec
1197 - *
1198 * This is free software; see Copyright file in the source
1199 * distribution for precise wording.
1200 *
1201 * Copyright (c) 2003 America Online, Inc. All rights reserved.
1202 */
1203 +
1204 +/**
1205 + * NSS key store uses a key list and a slot list as the key repository. NSS slot
1206 + * list is a backup repository for the finding keys. If a key is not found from
1207 + * the key list, the NSS slot list is looked up.
1208 + *
1209 + * Any key in the key list will not save to pkcs11 slot. When a store to called
1210 + * to adopt a key, the key is resident in the key list; While a store to called
1211 + * to set a is resident in the key list; While a store to called to set a slot
1212 + * list, which means that the keys in the listed slot can be used for xml sign-
1213 + * nature or encryption.
1214 + *
1215 + * Then, a user can adjust slot list to effect the crypto behaviors of xmlSec.
1216 + *
1217 + * The framework will decrease the user interfaces to administrate xmlSec crypto
1218 + * engine. He can only focus on NSS layer functions. For examples, after the
1219 + * user set up a slot list handler to the keys store, he do not need to do any
1220 + * other work atop xmlSec interfaces, his action on the slot list handler, such
1221 + * as add a token to, delete a token from the list, will directly effect the key
1222 + * store behaviors.
1223 + *
1224 + * For example, a scenariio:
1225 + * 0. Create a slot list;( NSS interfaces )
1226 + * 1. Create a keys store;( xmlSec interfaces )
1227 + * 2. Set slot list with the keys store;( xmlSec Interfaces )
1228 + * 3. Add a slot to the slot list;( NSS interfaces )
1229 + * 4. Perform xml signature; ( xmlSec Interfaces )
1230 + * 5. Deleter a slot from the slot list;( NSS interfaces )
1231 + * 6. Perform xml encryption; ( xmlSec Interfaces )
1232 + * 7. Perform xml signature;( xmlSec Interfaces )
1233 + * 8. Destroy the keys store;( xmlSec Interfaces )
1234 + * 8. Destroy the slot list.( NSS Interfaces )
1235 + */
1236 #include "globals.h"
1238 #include <stdlib.h>
1239 #include <string.h>
1241 #include <nss.h>
1242 -#include <cert.h>
1243 #include <pk11func.h>
1244 +#include <prinit.h>
1245 #include <keyhi.h>
1247 -#include <libxml/tree.h>
1248 -
1249 #include <xmlsec/xmlsec.h>
1250 -#include <xmlsec/buffer.h>
1251 -#include <xmlsec/base64.h>
1252 +#include <xmlsec/keys.h>
1253 #include <xmlsec/errors.h>
1254 #include <xmlsec/xmltree.h>
1256 @@ -38,82 +58,461 @@
1258 #include <xmlsec/nss/crypto.h>
1259 #include <xmlsec/nss/keysstore.h>
1260 -#include <xmlsec/nss/x509.h>
1261 +#include <xmlsec/nss/tokens.h>
1262 +#include <xmlsec/nss/ciphers.h>
1263 #include <xmlsec/nss/pkikeys.h>
1265 /****************************************************************************
1266 *
1267 - * Nss Keys Store. Uses Simple Keys Store under the hood
1268 + * Internal NSS key store context
1269 *
1270 - * Simple Keys Store ptr is located after xmlSecKeyStore
1271 + * This context is located after xmlSecKeyStore
1272 *
1273 ***************************************************************************/
1274 +typedef struct _xmlSecNssKeysStoreCtx xmlSecNssKeysStoreCtx ;
1275 +typedef struct _xmlSecNssKeysStoreCtx* xmlSecNssKeysStoreCtxPtr ;
1276 +
1277 +struct _xmlSecNssKeysStoreCtx {
1278 + xmlSecPtrListPtr keyList ;
1279 + xmlSecPtrListPtr slotList ;
1280 +} ;
1281 +
1282 #define xmlSecNssKeysStoreSize \
1283 - (sizeof(xmlSecKeyStore) + sizeof(xmlSecKeyStorePtr))
1284 + ( sizeof( xmlSecKeyStore ) + sizeof( xmlSecNssKeysStoreCtx ) )
1286 -#define xmlSecNssKeysStoreGetSS(store) \
1287 - ((xmlSecKeyStoreCheckSize((store), xmlSecNssKeysStoreSize)) ? \
1288 - (xmlSecKeyStorePtr*)(((xmlSecByte*)(store)) + sizeof(xmlSecKeyStore)) : \
1289 - (xmlSecKeyStorePtr*)NULL)
1290 -
1291 -static int xmlSecNssKeysStoreInitialize (xmlSecKeyStorePtr store);
1292 -static void xmlSecNssKeysStoreFinalize (xmlSecKeyStorePtr store);
1293 -static xmlSecKeyPtr xmlSecNssKeysStoreFindKey (xmlSecKeyStorePtr store,
1294 - const xmlChar* name,
1295 - xmlSecKeyInfoCtxPtr keyInfoCtx);
1296 +#define xmlSecNssKeysStoreGetCtx( data ) \
1297 + ( ( xmlSecNssKeysStoreCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyStore ) ) )
1299 -static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = {
1300 - sizeof(xmlSecKeyStoreKlass),
1301 - xmlSecNssKeysStoreSize,
1302 +int xmlSecNssKeysStoreAdoptKeySlot(
1303 + xmlSecKeyStorePtr store ,
1304 + xmlSecNssKeySlotPtr keySlot
1305 +) {
1306 + xmlSecNssKeysStoreCtxPtr context = NULL ;
1307 +
1308 + xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
1309 + xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
1310 + context = xmlSecNssKeysStoreGetCtx( store ) ;
1311 + if( context == NULL ) {
1312 + xmlSecError( XMLSEC_ERRORS_HERE ,
1313 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
1314 + "xmlSecNssKeysStoreGetCtx" ,
1315 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1316 + XMLSEC_ERRORS_NO_MESSAGE ) ;
1317 + return -1 ;
1318 + }
1319 +
1320 + if( context->slotList == NULL ) {
1321 + if( ( context->slotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ) == NULL ) {
1322 + xmlSecError( XMLSEC_ERRORS_HERE ,
1323 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
1324 + "xmlSecPtrListCreate" ,
1325 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1326 + XMLSEC_ERRORS_NO_MESSAGE ) ;
1327 + return -1 ;
1328 + }
1329 + }
1330 +
1331 + if( !xmlSecPtrListCheckId( context->slotList , xmlSecNssKeySlotListId ) ) {
1332 + xmlSecError( XMLSEC_ERRORS_HERE ,
1333 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
1334 + "xmlSecPtrListCheckId" ,
1335 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1336 + XMLSEC_ERRORS_NO_MESSAGE ) ;
1337 + return -1 ;
1338 + }
1339 +
1340 + if( xmlSecPtrListAdd( context->slotList , keySlot ) < 0 ) {
1341 + xmlSecError( XMLSEC_ERRORS_HERE ,
1342 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
1343 + "xmlSecPtrListAdd" ,
1344 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1345 + XMLSEC_ERRORS_NO_MESSAGE ) ;
1346 + return -1 ;
1347 + }
1348 + return 0 ;
1349 +}
1351 - /* data */
1352 - BAD_CAST "NSS-keys-store", /* const xmlChar* name; */
1353 -
1354 - /* constructors/destructor */
1355 - xmlSecNssKeysStoreInitialize, /* xmlSecKeyStoreInitializeMethod initialize; */
1356 - xmlSecNssKeysStoreFinalize, /* xmlSecKeyStoreFinalizeMethod finalize; */
1357 - xmlSecNssKeysStoreFindKey, /* xmlSecKeyStoreFindKeyMethod findKey; */
1358 -
1359 - /* reserved for the future */
1360 - NULL, /* void* reserved0; */
1361 - NULL, /* void* reserved1; */
1362 -};
1363 +int xmlSecNssKeysStoreAdoptKey(
1364 + xmlSecKeyStorePtr store ,
1365 + xmlSecKeyPtr key
1366 +) {
1367 + xmlSecNssKeysStoreCtxPtr context = NULL ;
1368 +
1369 + xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
1370 + xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
1371 +
1372 + context = xmlSecNssKeysStoreGetCtx( store ) ;
1373 + if( context == NULL ) {
1374 + xmlSecError( XMLSEC_ERRORS_HERE ,
1375 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
1376 + "xmlSecNssKeysStoreGetCtx" ,
1377 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1378 + XMLSEC_ERRORS_NO_MESSAGE ) ;
1379 + return -1 ;
1380 + }
1381 +
1382 + if( context->keyList == NULL ) {
1383 + if( ( context->keyList = xmlSecPtrListCreate( xmlSecKeyPtrListId ) ) == NULL ) {
1384 + xmlSecError( XMLSEC_ERRORS_HERE ,
1385 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
1386 + "xmlSecPtrListCreate" ,
1387 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1388 + XMLSEC_ERRORS_NO_MESSAGE ) ;
1389 + return -1 ;
1390 + }
1391 + }
1392 +
1393 + if( !xmlSecPtrListCheckId( context->keyList , xmlSecKeyPtrListId ) ) {
1394 + xmlSecError( XMLSEC_ERRORS_HERE ,
1395 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
1396 + "xmlSecPtrListCheckId" ,
1397 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1398 + XMLSEC_ERRORS_NO_MESSAGE ) ;
1399 + return -1 ;
1400 + }
1401 +
1402 + if( xmlSecPtrListAdd( context->keyList , key ) < 0 ) {
1403 + xmlSecError( XMLSEC_ERRORS_HERE ,
1404 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
1405 + "xmlSecPtrListAdd" ,
1406 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1407 + XMLSEC_ERRORS_NO_MESSAGE ) ;
1408 + return -1 ;
1409 + }
1411 -/**
1412 - * xmlSecNssKeysStoreGetKlass:
1413 - *
1414 - * The Nss list based keys store klass.
1415 + return 0 ;
1416 +}
1417 +
1418 +/*
1419 + * xmlSecKeyStoreInitializeMethod:
1420 + * @store: the store.
1421 + *
1422 + * Keys store specific initialization method.
1423 *
1424 - * Returns: Nss list based keys store klass.
1425 + * Returns 0 on success or a negative value if an error occurs.
1426 */
1427 -xmlSecKeyStoreId
1428 -xmlSecNssKeysStoreGetKlass(void) {
1429 - return(&xmlSecNssKeysStoreKlass);
1430 +static int
1431 +xmlSecNssKeysStoreInitialize(
1432 + xmlSecKeyStorePtr store
1433 +) {
1434 + xmlSecNssKeysStoreCtxPtr context = NULL ;
1435 +
1436 + xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ;
1437 + xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ;
1438 +
1439 + context = xmlSecNssKeysStoreGetCtx( store ) ;
1440 + if( context == NULL ) {
1441 + xmlSecError( XMLSEC_ERRORS_HERE ,
1442 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
1443 + "xmlSecNssKeysStoreGetCtx" ,
1444 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1445 + XMLSEC_ERRORS_NO_MESSAGE ) ;
1446 + return -1 ;
1447 + }
1448 +
1449 + context->keyList = NULL ;
1450 + context->slotList = NULL ;
1451 +
1452 + return 0 ;
1453 }
1455 /**
1456 - * xmlSecNssKeysStoreAdoptKey:
1457 - * @store: the pointer to Nss keys store.
1458 - * @key: the pointer to key.
1459 - *
1460 - * Adds @key to the @store.
1461 *
1462 - * Returns: 0 on success or a negative value if an error occurs.
1463 + * xmlSecKeyStoreFinalizeMethod:
1464 + * @store: the store.
1465 + *
1466 + * Keys store specific finalization (destroy) method.
1467 */
1468 -int
1469 -xmlSecNssKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) {
1470 - xmlSecKeyStorePtr *ss;
1471 -
1472 - xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
1473 - xmlSecAssert2((key != NULL), -1);
1474 +void
1475 +xmlSecNssKeysStoreFinalize(
1476 + xmlSecKeyStorePtr store
1477 +) {
1478 + xmlSecNssKeysStoreCtxPtr context = NULL ;
1479 +
1480 + xmlSecAssert( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) ) ;
1481 + xmlSecAssert( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) ) ;
1482 +
1483 + context = xmlSecNssKeysStoreGetCtx( store ) ;
1484 + if( context == NULL ) {
1485 + xmlSecError( XMLSEC_ERRORS_HERE ,
1486 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
1487 + "xmlSecNssKeysStoreGetCtx" ,
1488 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1489 + XMLSEC_ERRORS_NO_MESSAGE ) ;
1490 + return ;
1491 + }
1492 +
1493 + if( context->keyList != NULL ) {
1494 + xmlSecPtrListDestroy( context->keyList ) ;
1495 + context->keyList = NULL ;
1496 + }
1497 +
1498 + if( context->slotList != NULL ) {
1499 + xmlSecPtrListDestroy( context->slotList ) ;
1500 + context->slotList = NULL ;
1501 + }
1502 +}
1503 +
1504 +xmlSecKeyPtr
1505 +xmlSecNssKeysStoreFindKeyFromSlot(
1506 + PK11SlotInfo* slot,
1507 + const xmlChar* name,
1508 + xmlSecKeyInfoCtxPtr keyInfoCtx
1509 +) {
1510 + xmlSecKeyPtr key = NULL ;
1511 + xmlSecKeyDataPtr data = NULL ;
1512 + int length ;
1513 +
1514 + xmlSecAssert2( slot != NULL , NULL ) ;
1515 + xmlSecAssert2( name != NULL , NULL ) ;
1516 + xmlSecAssert2( keyInfoCtx != NULL , NULL ) ;
1517 +
1518 + if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSymmetric ) == xmlSecKeyDataTypeSymmetric ) {
1519 + PK11SymKey* symKey ;
1520 + PK11SymKey* curKey ;
1521 +
1522 + /* Find symmetric key from the slot by name */
1523 + symKey = PK11_ListFixedKeysInSlot( slot , ( char* )name , NULL ) ;
1524 + for( curKey = symKey ; curKey != NULL ; curKey = PK11_GetNextSymKey( curKey ) ) {
1525 + /* Check the key request */
1526 + length = PK11_GetKeyLength( curKey ) ;
1527 + length *= 8 ;
1528 + if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
1529 + ( length > 0 ) &&
1530 + ( length < keyInfoCtx->keyReq.keyBitsSize ) )
1531 + continue ;
1532 +
1533 + /* We find a eligible key */
1534 + data = xmlSecNssSymKeyDataKeyAdopt( curKey ) ;
1535 + if( data == NULL ) {
1536 + /* Do nothing */
1537 + }
1538 + break ;
1539 + }
1540 +
1541 + /* Destroy the sym key list */
1542 + for( curKey = symKey ; curKey != NULL ; ) {
1543 + symKey = curKey ;
1544 + curKey = PK11_GetNextSymKey( symKey ) ;
1545 + PK11_FreeSymKey( symKey ) ;
1546 + }
1547 + } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) {
1548 + SECKEYPublicKeyList* pubKeyList ;
1549 + SECKEYPublicKey* pubKey ;
1550 + SECKEYPublicKeyListNode* curPub ;
1551 +
1552 + /* Find asymmetric key from the slot by name */
1553 + pubKeyList = PK11_ListPublicKeysInSlot( slot , ( char* )name ) ;
1554 + pubKey = NULL ;
1555 + curPub = PUBKEY_LIST_HEAD(pubKeyList);
1556 + for( ; !PUBKEY_LIST_END(curPub, pubKeyList) ; curPub = PUBKEY_LIST_NEXT( curPub ) ) {
1557 + /* Check the key request */
1558 + length = SECKEY_PublicKeyStrength( curPub->key ) ;
1559 + length *= 8 ;
1560 + if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
1561 + ( length > 0 ) &&
1562 + ( length < keyInfoCtx->keyReq.keyBitsSize ) )
1563 + continue ;
1564 +
1565 + /* We find a eligible key */
1566 + pubKey = curPub->key ;
1567 + break ;
1568 + }
1569 +
1570 + if( pubKey != NULL ) {
1571 + data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ;
1572 + if( data == NULL ) {
1573 + /* Do nothing */
1574 + }
1575 + }
1576 +
1577 + /* Destroy the public key list */
1578 + SECKEY_DestroyPublicKeyList( pubKeyList ) ;
1579 + } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) {
1580 + SECKEYPrivateKeyList* priKeyList = NULL ;
1581 + SECKEYPrivateKey* priKey = NULL ;
1582 + SECKEYPrivateKeyListNode* curPri ;
1583 +
1584 + /* Find asymmetric key from the slot by name */
1585 + priKeyList = PK11_ListPrivKeysInSlot( slot , ( char* )name , NULL ) ;
1586 + priKey = NULL ;
1587 + curPri = PRIVKEY_LIST_HEAD(priKeyList);
1588 + for( ; !PRIVKEY_LIST_END(curPri, priKeyList) ; curPri = PRIVKEY_LIST_NEXT( curPri ) ) {
1589 + /* Check the key request */
1590 + length = PK11_SignatureLen( curPri->key ) ;
1591 + length *= 8 ;
1592 + if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) &&
1593 + ( length > 0 ) &&
1594 + ( length < keyInfoCtx->keyReq.keyBitsSize ) )
1595 + continue ;
1596 +
1597 + /* We find a eligible key */
1598 + priKey = curPri->key ;
1599 + break ;
1600 + }
1601 +
1602 + if( priKey != NULL ) {
1603 + data = xmlSecNssPKIAdoptKey( priKey, NULL ) ;
1604 + if( data == NULL ) {
1605 + /* Do nothing */
1606 + }
1607 + }
1608 +
1609 + /* Destroy the private key list */
1610 + SECKEY_DestroyPrivateKeyList( priKeyList ) ;
1611 + }
1612 +
1613 + /* If we have gotten the key value */
1614 + if( data != NULL ) {
1615 + if( ( key = xmlSecKeyCreate() ) == NULL ) {
1616 + xmlSecError( XMLSEC_ERRORS_HERE ,
1617 + NULL ,
1618 + "xmlSecKeyCreate" ,
1619 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1620 + XMLSEC_ERRORS_NO_MESSAGE ) ;
1621 +
1622 + xmlSecKeyDataDestroy( data ) ;
1623 + return NULL ;
1624 + }
1625 +
1626 + if( xmlSecKeySetValue( key , data ) < 0 ) {
1627 + xmlSecError( XMLSEC_ERRORS_HERE ,
1628 + NULL ,
1629 + "xmlSecKeySetValue" ,
1630 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1631 + XMLSEC_ERRORS_NO_MESSAGE ) ;
1632 +
1633 + xmlSecKeyDestroy( key ) ;
1634 + xmlSecKeyDataDestroy( data ) ;
1635 + return NULL ;
1636 + }
1637 + }
1639 - ss = xmlSecNssKeysStoreGetSS(store);
1640 - xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
1641 - (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
1642 + return(key);
1643 +}
1644 +
1645 +/**
1646 + * xmlSecKeyStoreFindKeyMethod:
1647 + * @store: the store.
1648 + * @name: the desired key name.
1649 + * @keyInfoCtx: the pointer to key info context.
1650 + *
1651 + * Keys store specific find method. The caller is responsible for destroying
1652 + * the returned key using #xmlSecKeyDestroy method.
1653 + *
1654 + * Returns the pointer to a key or NULL if key is not found or an error occurs.
1655 + */
1656 +static xmlSecKeyPtr
1657 +xmlSecNssKeysStoreFindKey(
1658 + xmlSecKeyStorePtr store ,
1659 + const xmlChar* name ,
1660 + xmlSecKeyInfoCtxPtr keyInfoCtx
1661 +) {
1662 + xmlSecNssKeysStoreCtxPtr context = NULL ;
1663 + xmlSecKeyPtr key = NULL ;
1664 + xmlSecNssKeySlotPtr keySlot = NULL ;
1665 + xmlSecSize pos ;
1666 + xmlSecSize size ;
1667 +
1668 + xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , NULL ) ;
1669 + xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , NULL ) ;
1670 + xmlSecAssert2( keyInfoCtx != NULL , NULL ) ;
1671 +
1672 + context = xmlSecNssKeysStoreGetCtx( store ) ;
1673 + if( context == NULL ) {
1674 + xmlSecError( XMLSEC_ERRORS_HERE ,
1675 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
1676 + "xmlSecNssKeysStoreGetCtx" ,
1677 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1678 + XMLSEC_ERRORS_NO_MESSAGE ) ;
1679 + return NULL ;
1680 + }
1681 +
1682 + /*-
1683 + * Look for key at keyList at first.
1684 + */
1685 + if( context->keyList != NULL ) {
1686 + size = xmlSecPtrListGetSize( context->keyList ) ;
1687 + for( pos = 0 ; pos < size ; pos ++ ) {
1688 + key = ( xmlSecKeyPtr )xmlSecPtrListGetItem( context->keyList , pos ) ;
1689 + if( key != NULL && xmlSecKeyMatch( key , name , &( keyInfoCtx->keyReq ) ) ) {
1690 + return xmlSecKeyDuplicate( key ) ;
1691 + }
1692 + }
1693 + }
1694 +
1695 + /*-
1696 + * Find the key from slotList
1697 + */
1698 + if( context->slotList != NULL ) {
1699 + PK11SlotInfo* slot = NULL ;
1700 +
1701 + size = xmlSecPtrListGetSize( context->slotList ) ;
1702 + for( pos = 0 ; pos < size ; pos ++ ) {
1703 + keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( context->slotList , pos ) ;
1704 + slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
1705 + if( slot == NULL ) {
1706 + continue ;
1707 + } else {
1708 + key = xmlSecNssKeysStoreFindKeyFromSlot( slot, name, keyInfoCtx ) ;
1709 + if( key == NULL ) {
1710 + continue ;
1711 + } else {
1712 + return( key ) ;
1713 + }
1714 + }
1715 + }
1716 + }
1717 +
1718 + /*-
1719 + * Create a session key if we can not find the key from keyList and slotList
1720 + */
1721 + if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSession ) == xmlSecKeyDataTypeSession ) {
1722 + key = xmlSecKeyGenerate( keyInfoCtx->keyReq.keyId , keyInfoCtx->keyReq.keyBitsSize , xmlSecKeyDataTypeSession ) ;
1723 + if( key == NULL ) {
1724 + xmlSecError( XMLSEC_ERRORS_HERE ,
1725 + xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) ,
1726 + "xmlSecKeySetValue" ,
1727 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
1728 + XMLSEC_ERRORS_NO_MESSAGE ) ;
1729 + return NULL ;
1730 + }
1731 +
1732 + return key ;
1733 + }
1734 +
1735 + /**
1736 + * We have no way to find the key any more.
1737 + */
1738 + return NULL ;
1739 +}
1740 +
1741 +static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = {
1742 + sizeof( xmlSecKeyStoreKlass ) ,
1743 + xmlSecNssKeysStoreSize ,
1744 + BAD_CAST "implicit_nss_keys_store" ,
1745 + xmlSecNssKeysStoreInitialize ,
1746 + xmlSecNssKeysStoreFinalize ,
1747 + xmlSecNssKeysStoreFindKey ,
1748 + NULL ,
1749 + NULL
1750 +} ;
1752 - return (xmlSecSimpleKeysStoreAdoptKey(*ss, key));
1753 +/**
1754 + * xmlSecNssKeysStoreGetKlass:
1755 + *
1756 + * The simple list based keys store klass.
1757 + *
1758 + */
1759 +xmlSecKeyStoreId
1760 +xmlSecNssKeysStoreGetKlass( void ) {
1761 + return &xmlSecNssKeysStoreKlass ;
1762 }
1764 +/**************************
1765 + * Application routines
1766 + */
1767 +
1768 /**
1769 * xmlSecNssKeysStoreLoad:
1770 * @store: the pointer to Nss keys store.
1771 @@ -252,234 +651,147 @@
1772 */
1773 int
1774 xmlSecNssKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecKeyDataType type) {
1775 - xmlSecKeyStorePtr *ss;
1776 + xmlSecKeyInfoCtx keyInfoCtx;
1777 + xmlSecNssKeysStoreCtxPtr context ;
1778 + xmlSecPtrListPtr list;
1779 + xmlSecKeyPtr key;
1780 + xmlSecSize i, keysSize;
1781 + xmlDocPtr doc;
1782 + xmlNodePtr cur;
1783 + xmlSecKeyDataPtr data;
1784 + xmlSecPtrListPtr idsList;
1785 + xmlSecKeyDataId dataId;
1786 + xmlSecSize idsSize, j;
1787 + int ret;
1789 xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
1790 - xmlSecAssert2((filename != NULL), -1);
1791 -
1792 - ss = xmlSecNssKeysStoreGetSS(store);
1793 - xmlSecAssert2(((ss != NULL) && (*ss != NULL) &&
1794 - (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1);
1795 -
1796 - return (xmlSecSimpleKeysStoreSave(*ss, filename, type));
1797 -}
1798 -
1799 -static int
1800 -xmlSecNssKeysStoreInitialize(xmlSecKeyStorePtr store) {
1801 - xmlSecKeyStorePtr *ss;
1802 + xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ), -1 ) ;
1803 + xmlSecAssert2(filename != NULL, -1);
1805 - xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1);
1806 + context = xmlSecNssKeysStoreGetCtx( store ) ;
1807 + xmlSecAssert2( context != NULL, -1 );
1809 - ss = xmlSecNssKeysStoreGetSS(store);
1810 - xmlSecAssert2((*ss == NULL), -1);
1811 + list = context->keyList ;
1812 + xmlSecAssert2( list != NULL, -1 );
1813 + xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyPtrListId), -1);
1815 - *ss = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId);
1816 - if(*ss == NULL) {
1817 - xmlSecError(XMLSEC_ERRORS_HERE,
1818 + /* create doc */
1819 + doc = xmlSecCreateTree(BAD_CAST "Keys", xmlSecNs);
1820 + if(doc == NULL) {
1821 + xmlSecError(XMLSEC_ERRORS_HERE,
1822 xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
1823 - "xmlSecKeyStoreCreate",
1824 + "xmlSecCreateTree",
1825 XMLSEC_ERRORS_R_XMLSEC_FAILED,
1826 - "xmlSecSimpleKeysStoreId");
1827 + XMLSEC_ERRORS_NO_MESSAGE);
1828 return(-1);
1829 }
1831 - return(0);
1832 -}
1833 -
1834 -static void
1835 -xmlSecNssKeysStoreFinalize(xmlSecKeyStorePtr store) {
1836 - xmlSecKeyStorePtr *ss;
1837 -
1838 - xmlSecAssert(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId));
1839 -
1840 - ss = xmlSecNssKeysStoreGetSS(store);
1841 - xmlSecAssert((ss != NULL) && (*ss != NULL));
1842 -
1843 - xmlSecKeyStoreDestroy(*ss);
1844 -}
1845 -
1846 -static xmlSecKeyPtr
1847 -xmlSecNssKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name,
1848 - xmlSecKeyInfoCtxPtr keyInfoCtx) {
1849 - xmlSecKeyStorePtr* ss;
1850 - xmlSecKeyPtr key = NULL;
1851 - xmlSecKeyPtr retval = NULL;
1852 - xmlSecKeyReqPtr keyReq = NULL;
1853 - CERTCertificate *cert = NULL;
1854 - SECKEYPublicKey *pubkey = NULL;
1855 - SECKEYPrivateKey *privkey = NULL;
1856 - xmlSecKeyDataPtr data = NULL;
1857 - xmlSecKeyDataPtr x509Data = NULL;
1858 - int ret;
1859 -
1860 - xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), NULL);
1861 - xmlSecAssert2(keyInfoCtx != NULL, NULL);
1862 -
1863 - ss = xmlSecNssKeysStoreGetSS(store);
1864 - xmlSecAssert2(((ss != NULL) && (*ss != NULL)), NULL);
1865 -
1866 - key = xmlSecKeyStoreFindKey(*ss, name, keyInfoCtx);
1867 - if (key != NULL) {
1868 - return (key);
1869 - }
1870 -
1871 - /* Try to find the key in the NSS DB, and construct an xmlSecKey.
1872 - * we must have a name to lookup keys in NSS DB.
1873 - */
1874 - if (name == NULL) {
1875 - goto done;
1876 - }
1877 + idsList = xmlSecKeyDataIdsGet();
1878 + xmlSecAssert2(idsList != NULL, -1);
1880 - /* what type of key are we looking for?
1881 - * TBD: For now, we'll look only for public/private keys using the
1882 - * name as a cert nickname. Later on, we can attempt to find
1883 - * symmetric keys using PK11_FindFixedKey
1884 - */
1885 - keyReq = &(keyInfoCtx->keyReq);
1886 - if (keyReq->keyType &
1887 - (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) {
1888 - cert = CERT_FindCertByNickname (CERT_GetDefaultCertDB(), (char *)name);
1889 - if (cert == NULL) {
1890 - goto done;
1891 - }
1892 + keysSize = xmlSecPtrListGetSize(list);
1893 + idsSize = xmlSecPtrListGetSize(idsList);
1894 + for(i = 0; i < keysSize; ++i) {
1895 + key = (xmlSecKeyPtr)xmlSecPtrListGetItem(list, i);
1896 + xmlSecAssert2(key != NULL, -1);
1898 - if (keyReq->keyType & xmlSecKeyDataTypePublic) {
1899 - pubkey = CERT_ExtractPublicKey(cert);
1900 - if (pubkey == NULL) {
1901 + cur = xmlSecAddChild(xmlDocGetRootElement(doc), xmlSecNodeKeyInfo, xmlSecDSigNs);
1902 + if(cur == NULL) {
1903 xmlSecError(XMLSEC_ERRORS_HERE,
1904 - NULL,
1905 - "CERT_ExtractPublicKey",
1906 - XMLSEC_ERRORS_R_CRYPTO_FAILED,
1907 - XMLSEC_ERRORS_NO_MESSAGE);
1908 - goto done;
1909 - }
1910 + xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
1911 + "xmlSecAddChild",
1912 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
1913 + "node=%s",
1914 + xmlSecErrorsSafeString(xmlSecNodeKeyInfo));
1915 + xmlFreeDoc(doc);
1916 + return(-1);
1917 }
1919 - if (keyReq->keyType & xmlSecKeyDataTypePrivate) {
1920 - privkey = PK11_FindKeyByAnyCert(cert, NULL);
1921 - if (privkey == NULL) {
1922 + /* special data key name */
1923 + if(xmlSecKeyGetName(key) != NULL) {
1924 + if(xmlSecAddChild(cur, xmlSecNodeKeyName, xmlSecDSigNs) == NULL) {
1925 xmlSecError(XMLSEC_ERRORS_HERE,
1926 - NULL,
1927 - "PK11_FindKeyByAnyCert",
1928 - XMLSEC_ERRORS_R_CRYPTO_FAILED,
1929 - XMLSEC_ERRORS_NO_MESSAGE);
1930 - goto done;
1931 + xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
1932 + "xmlSecAddChild",
1933 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
1934 + "node=%s",
1935 + xmlSecErrorsSafeString(xmlSecNodeKeyName));
1936 + xmlFreeDoc(doc);
1937 + return(-1);
1938 }
1939 }
1941 - data = xmlSecNssPKIAdoptKey(privkey, pubkey);
1942 - if(data == NULL) {
1943 - xmlSecError(XMLSEC_ERRORS_HERE,
1944 - NULL,
1945 - "xmlSecNssPKIAdoptKey",
1946 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
1947 - XMLSEC_ERRORS_NO_MESSAGE);
1948 - goto done;
1949 - }
1950 - privkey = NULL;
1951 - pubkey = NULL;
1952 -
1953 - key = xmlSecKeyCreate();
1954 - if (key == NULL) {
1955 - xmlSecError(XMLSEC_ERRORS_HERE,
1956 - NULL,
1957 - "xmlSecKeyCreate",
1958 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
1959 - XMLSEC_ERRORS_NO_MESSAGE);
1960 - return (NULL);
1961 - }
1962 -
1963 - x509Data = xmlSecKeyDataCreate(xmlSecNssKeyDataX509Id);
1964 - if(x509Data == NULL) {
1965 - xmlSecError(XMLSEC_ERRORS_HERE,
1966 - NULL,
1967 - "xmlSecKeyDataCreate",
1968 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
1969 - "transform=%s",
1970 - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id)));
1971 - goto done;
1972 - }
1973 + /* create nodes for other keys data */
1974 + for(j = 0; j < idsSize; ++j) {
1975 + dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(idsList, j);
1976 + xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, -1);
1977 +
1978 + if(dataId->dataNodeName == NULL) {
1979 + continue;
1980 + }
1981 +
1982 + data = xmlSecKeyGetData(key, dataId);
1983 + if(data == NULL) {
1984 + continue;
1985 + }
1987 - ret = xmlSecNssKeyDataX509AdoptKeyCert(x509Data, cert);
1988 - if (ret < 0) {
1989 - xmlSecError(XMLSEC_ERRORS_HERE,
1990 - NULL,
1991 - "xmlSecNssKeyDataX509AdoptKeyCert",
1992 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
1993 - "data=%s",
1994 - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
1995 - goto done;
1996 - }
1997 - cert = CERT_DupCertificate(cert);
1998 - if (cert == NULL) {
1999 - xmlSecError(XMLSEC_ERRORS_HERE,
2000 - NULL,
2001 - "CERT_DupCertificate",
2002 - XMLSEC_ERRORS_R_CRYPTO_FAILED,
2003 - "data=%s",
2004 - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
2005 - goto done;
2006 + if(xmlSecAddChild(cur, dataId->dataNodeName, dataId->dataNodeNs) == NULL) {
2007 + xmlSecError(XMLSEC_ERRORS_HERE,
2008 + xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
2009 + "xmlSecAddChild",
2010 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
2011 + "node=%s",
2012 + xmlSecErrorsSafeString(dataId->dataNodeName));
2013 + xmlFreeDoc(doc);
2014 + return(-1);
2015 + }
2016 }
2018 - ret = xmlSecNssKeyDataX509AdoptCert(x509Data, cert);
2019 + ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL);
2020 if (ret < 0) {
2021 xmlSecError(XMLSEC_ERRORS_HERE,
2022 - NULL,
2023 - "xmlSecNssKeyDataX509AdoptCert",
2024 + xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
2025 + "xmlSecKeyInfoCtxInitialize",
2026 XMLSEC_ERRORS_R_XMLSEC_FAILED,
2027 - "data=%s",
2028 - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
2029 - goto done;
2030 + XMLSEC_ERRORS_NO_MESSAGE);
2031 + xmlFreeDoc(doc);
2032 + return(-1);
2033 }
2034 - cert = NULL;
2036 - ret = xmlSecKeySetValue(key, data);
2037 - if (ret < 0) {
2038 - xmlSecError(XMLSEC_ERRORS_HERE,
2039 - NULL,
2040 - "xmlSecKeySetValue",
2041 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
2042 - "data=%s",
2043 - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)));
2044 - goto done;
2045 - }
2046 - data = NULL;
2047 + keyInfoCtx.mode = xmlSecKeyInfoModeWrite;
2048 + keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown;
2049 + keyInfoCtx.keyReq.keyType = type;
2050 + keyInfoCtx.keyReq.keyUsage = xmlSecKeyDataUsageAny;
2052 - ret = xmlSecKeyAdoptData(key, x509Data);
2053 + /* finally write key in the node */
2054 + ret = xmlSecKeyInfoNodeWrite(cur, key, &keyInfoCtx);
2055 if (ret < 0) {
2056 xmlSecError(XMLSEC_ERRORS_HERE,
2057 - NULL,
2058 - "xmlSecKeyAdoptData",
2059 + xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
2060 + "xmlSecKeyInfoNodeWrite",
2061 XMLSEC_ERRORS_R_XMLSEC_FAILED,
2062 - "data=%s",
2063 - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
2064 - goto done;
2065 - }
2066 - x509Data = NULL;
2067 + XMLSEC_ERRORS_NO_MESSAGE);
2068 + xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
2069 + xmlFreeDoc(doc);
2070 + return(-1);
2071 + }
2073 - retval = key;
2074 - key = NULL;
2075 + xmlSecKeyInfoCtxFinalize(&keyInfoCtx);
2076 }
2078 -done:
2079 - if (cert != NULL) {
2080 - CERT_DestroyCertificate(cert);
2081 - }
2082 - if (pubkey != NULL) {
2083 - SECKEY_DestroyPublicKey(pubkey);
2084 - }
2085 - if (privkey != NULL) {
2086 - SECKEY_DestroyPrivateKey(privkey);
2087 - }
2088 - if (data != NULL) {
2089 - xmlSecKeyDataDestroy(data);
2090 - }
2091 - if (x509Data != NULL) {
2092 - xmlSecKeyDataDestroy(x509Data);
2093 - }
2094 - if (key != NULL) {
2095 - xmlSecKeyDestroy(key);
2096 + /* now write result */
2097 + ret = xmlSaveFormatFile(filename, doc, 1);
2098 + if (ret < 0) {
2099 + xmlSecError(XMLSEC_ERRORS_HERE,
2100 + xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)),
2101 + "xmlSaveFormatFile",
2102 + XMLSEC_ERRORS_R_XML_FAILED,
2103 + "filename=%s",
2104 + xmlSecErrorsSafeString(filename));
2105 + xmlFreeDoc(doc);
2106 + return(-1);
2107 }
2109 - return (retval);
2110 + xmlFreeDoc(doc);
2111 + return(0);
2112 }
2113 --- misc/xmlsec1-1.2.14/src/nss/keywrapers.c 2009-09-21 14:07:19.223802688 +0200
2114 +++ misc/build/xmlsec1-1.2.14/src/nss/keywrapers.c 2009-09-21 14:02:48.548869372 +0200
2115 @@ -1 +1,1213 @@
2116 -dummy
2117 +/**
2118 + *
2119 + * XMLSec library
2120 + *
2121 + * AES Algorithm support
2122 + *
2123 + * This is free software; see Copyright file in the source
2124 + * distribution for preciese wording.
2125 + *
2126 + * Copyright .................................
2127 + */
2128 +#include "globals.h"
2129 +
2130 +#include <stdlib.h>
2131 +#include <stdio.h>
2132 +#include <string.h>
2133 +
2134 +#include <nss.h>
2135 +#include <pk11func.h>
2136 +#include <hasht.h>
2137 +
2138 +#include <xmlsec/xmlsec.h>
2139 +#include <xmlsec/xmltree.h>
2140 +#include <xmlsec/keys.h>
2141 +#include <xmlsec/transforms.h>
2142 +#include <xmlsec/errors.h>
2143 +
2144 +#include <xmlsec/nss/crypto.h>
2145 +#include <xmlsec/nss/ciphers.h>
2146 +
2147 +#define XMLSEC_NSS_AES128_KEY_SIZE 16
2148 +#define XMLSEC_NSS_AES192_KEY_SIZE 24
2149 +#define XMLSEC_NSS_AES256_KEY_SIZE 32
2150 +#define XMLSEC_NSS_DES3_KEY_SIZE 24
2151 +#define XMLSEC_NSS_DES3_KEY_LENGTH 24
2152 +#define XMLSEC_NSS_DES3_IV_LENGTH 8
2153 +#define XMLSEC_NSS_DES3_BLOCK_LENGTH 8
2154 +
2155 +static xmlSecByte xmlSecNssKWDes3Iv[XMLSEC_NSS_DES3_IV_LENGTH] = {
2156 + 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05
2157 +};
2158 +
2159 +/*********************************************************************
2160 + *
2161 + * key wrap transforms
2162 + *
2163 + ********************************************************************/
2164 +typedef struct _xmlSecNssKeyWrapCtx xmlSecNssKeyWrapCtx ;
2165 +typedef struct _xmlSecNssKeyWrapCtx* xmlSecNssKeyWrapCtxPtr ;
2166 +
2167 +#define xmlSecNssKeyWrapSize \
2168 + ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyWrapCtx ) )
2169 +
2170 +#define xmlSecNssKeyWrapGetCtx( transform ) \
2171 + ( ( xmlSecNssKeyWrapCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) )
2172 +
2173 +struct _xmlSecNssKeyWrapCtx {
2174 + CK_MECHANISM_TYPE cipher ;
2175 + PK11SymKey* symkey ;
2176 + xmlSecKeyDataId keyId ;
2177 + xmlSecBufferPtr material ; /* to be encrypted/decrypted key material */
2178 +} ;
2179 +
2180 +static int xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform);
2181 +static void xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform);
2182 +static int xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform,
2183 + xmlSecKeyReqPtr keyReq);
2184 +static int xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform,
2185 + xmlSecKeyPtr key);
2186 +static int xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform,
2187 + int last,
2188 + xmlSecTransformCtxPtr transformCtx);
2189 +static xmlSecSize xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform);
2190 +
2191 +static int
2192 +xmlSecNssKeyWrapCheckId(
2193 + xmlSecTransformPtr transform
2194 +) {
2195 + #ifndef XMLSEC_NO_DES
2196 + if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) {
2197 + return(1);
2198 + }
2199 + #endif /* XMLSEC_NO_DES */
2200 +
2201 + #ifndef XMLSEC_NO_AES
2202 + if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes128Id ) ||
2203 + xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes192Id ) ||
2204 + xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes256Id ) ) {
2205 +
2206 + return(1);
2207 + }
2208 + #endif /* XMLSEC_NO_AES */
2209 +
2210 + return(0);
2211 +}
2212 +
2213 +static xmlSecSize
2214 +xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform) {
2215 +#ifndef XMLSEC_NO_DES
2216 + if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) {
2217 + return(XMLSEC_NSS_DES3_KEY_SIZE);
2218 + } else
2219 +#endif /* XMLSEC_NO_DES */
2220 +
2221 +#ifndef XMLSEC_NO_AES
2222 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes128Id)) {
2223 + return(XMLSEC_NSS_AES128_KEY_SIZE);
2224 + } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes192Id)) {
2225 + return(XMLSEC_NSS_AES192_KEY_SIZE);
2226 + } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) {
2227 + return(XMLSEC_NSS_AES256_KEY_SIZE);
2228 + } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) {
2229 + return(XMLSEC_NSS_AES256_KEY_SIZE);
2230 + } else
2231 +#endif /* XMLSEC_NO_AES */
2232 +
2233 + if(1)
2234 + return(0);
2235 +}
2236 +
2237 +
2238 +static int
2239 +xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform) {
2240 + xmlSecNssKeyWrapCtxPtr context ;
2241 + int ret;
2242 +
2243 + xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
2244 + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
2245 +
2246 + context = xmlSecNssKeyWrapGetCtx( transform ) ;
2247 + xmlSecAssert2( context != NULL , -1 ) ;
2248 +
2249 + #ifndef XMLSEC_NO_DES
2250 + if( transform->id == xmlSecNssTransformKWDes3Id ) {
2251 + context->cipher = CKM_DES3_CBC ;
2252 + context->keyId = xmlSecNssKeyDataDesId ;
2253 + } else
2254 + #endif /* XMLSEC_NO_DES */
2255 +
2256 + #ifndef XMLSEC_NO_AES
2257 + if( transform->id == xmlSecNssTransformKWAes128Id ) {
2258 + /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/
2259 + context->cipher = CKM_AES_CBC ;
2260 + context->keyId = xmlSecNssKeyDataAesId ;
2261 + } else
2262 + if( transform->id == xmlSecNssTransformKWAes192Id ) {
2263 + /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/
2264 + context->cipher = CKM_AES_CBC ;
2265 + context->keyId = xmlSecNssKeyDataAesId ;
2266 + } else
2267 + if( transform->id == xmlSecNssTransformKWAes256Id ) {
2268 + /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/
2269 + context->cipher = CKM_AES_CBC ;
2270 + context->keyId = xmlSecNssKeyDataAesId ;
2271 + } else
2272 + #endif /* XMLSEC_NO_AES */
2273 +
2274 +
2275 + if( 1 ) {
2276 + xmlSecError( XMLSEC_ERRORS_HERE ,
2277 + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
2278 + NULL ,
2279 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2280 + XMLSEC_ERRORS_NO_MESSAGE ) ;
2281 + return(-1);
2282 + }
2283 +
2284 + context->symkey = NULL ;
2285 + context->material = NULL ;
2286 +
2287 + return(0);
2288 +}
2289 +
2290 +static void
2291 +xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform) {
2292 + xmlSecNssKeyWrapCtxPtr context ;
2293 +
2294 + xmlSecAssert(xmlSecNssKeyWrapCheckId(transform));
2295 + xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize));
2296 +
2297 + context = xmlSecNssKeyWrapGetCtx( transform ) ;
2298 + xmlSecAssert( context != NULL ) ;
2299 +
2300 + if( context->symkey != NULL ) {
2301 + PK11_FreeSymKey( context->symkey ) ;
2302 + context->symkey = NULL ;
2303 + }
2304 +
2305 + if( context->material != NULL ) {
2306 + xmlSecBufferDestroy(context->material);
2307 + context->material = NULL ;
2308 + }
2309 +}
2310 +
2311 +static int
2312 +xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
2313 + xmlSecNssKeyWrapCtxPtr context ;
2314 + xmlSecSize cipherSize = 0 ;
2315 +
2316 +
2317 + xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
2318 + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
2319 + xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
2320 + xmlSecAssert2(keyReq != NULL, -1);
2321 +
2322 + context = xmlSecNssKeyWrapGetCtx( transform ) ;
2323 + xmlSecAssert2( context != NULL , -1 ) ;
2324 +
2325 + keyReq->keyId = context->keyId;
2326 + keyReq->keyType = xmlSecKeyDataTypeSymmetric;
2327 + if(transform->operation == xmlSecTransformOperationEncrypt) {
2328 + keyReq->keyUsage = xmlSecKeyUsageEncrypt;
2329 + } else {
2330 + keyReq->keyUsage = xmlSecKeyUsageDecrypt;
2331 + }
2332 +
2333 + keyReq->keyBitsSize = xmlSecNssKeyWrapGetKeySize( transform ) ;
2334 +
2335 + return(0);
2336 +}
2337 +
2338 +static int
2339 +xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
2340 + xmlSecNssKeyWrapCtxPtr context = NULL ;
2341 + xmlSecKeyDataPtr keyData = NULL ;
2342 + PK11SymKey* symkey = NULL ;
2343 +
2344 + xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
2345 + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
2346 + xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
2347 + xmlSecAssert2(key != NULL, -1);
2348 +
2349 + context = xmlSecNssKeyWrapGetCtx( transform ) ;
2350 + if( context == NULL || context->keyId == NULL || context->symkey != NULL ) {
2351 + xmlSecError( XMLSEC_ERRORS_HERE ,
2352 + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
2353 + "xmlSecNssKeyWrapGetCtx" ,
2354 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2355 + XMLSEC_ERRORS_NO_MESSAGE ) ;
2356 + return(-1);
2357 + }
2358 + xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ;
2359 +
2360 + keyData = xmlSecKeyGetValue( key ) ;
2361 + if( keyData == NULL ) {
2362 + xmlSecError( XMLSEC_ERRORS_HERE ,
2363 + xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) ,
2364 + "xmlSecKeyGetValue" ,
2365 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2366 + XMLSEC_ERRORS_NO_MESSAGE ) ;
2367 + return(-1);
2368 + }
2369 +
2370 + if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) {
2371 + xmlSecError( XMLSEC_ERRORS_HERE ,
2372 + xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) ,
2373 + "xmlSecNssSymKeyDataGetKey" ,
2374 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2375 + XMLSEC_ERRORS_NO_MESSAGE ) ;
2376 + return(-1);
2377 + }
2378 +
2379 + context->symkey = symkey ;
2380 +
2381 + return(0) ;
2382 +}
2383 +
2384 +/**
2385 + * key wrap transform
2386 + */
2387 +static int
2388 +xmlSecNssKeyWrapCtxInit(
2389 + xmlSecNssKeyWrapCtxPtr ctx ,
2390 + xmlSecBufferPtr in ,
2391 + xmlSecBufferPtr out ,
2392 + int encrypt ,
2393 + xmlSecTransformCtxPtr transformCtx
2394 +) {
2395 + xmlSecSize blockSize ;
2396 +
2397 + xmlSecAssert2( ctx != NULL , -1 ) ;
2398 + xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
2399 + xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
2400 + xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
2401 + xmlSecAssert2( in != NULL , -1 ) ;
2402 + xmlSecAssert2( out != NULL , -1 ) ;
2403 + xmlSecAssert2( transformCtx != NULL , -1 ) ;
2404 +
2405 + if( ctx->material != NULL ) {
2406 + xmlSecBufferDestroy( ctx->material ) ;
2407 + ctx->material = NULL ;
2408 + }
2409 +
2410 + if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
2411 + xmlSecError( XMLSEC_ERRORS_HERE ,
2412 + NULL ,
2413 + "PK11_GetBlockSize" ,
2414 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2415 + XMLSEC_ERRORS_NO_MESSAGE ) ;
2416 + return(-1);
2417 + }
2418 +
2419 + ctx->material = xmlSecBufferCreate( blockSize ) ;
2420 + if( ctx->material == NULL ) {
2421 + xmlSecError( XMLSEC_ERRORS_HERE ,
2422 + NULL ,
2423 + "xmlSecBufferCreate" ,
2424 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2425 + XMLSEC_ERRORS_NO_MESSAGE ) ;
2426 + return(-1);
2427 + }
2428 +
2429 + /* read raw key material into context */
2430 + if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
2431 + xmlSecError( XMLSEC_ERRORS_HERE ,
2432 + NULL ,
2433 + "xmlSecBufferSetData" ,
2434 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2435 + XMLSEC_ERRORS_NO_MESSAGE ) ;
2436 + return(-1);
2437 + }
2438 +
2439 + if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
2440 + xmlSecError( XMLSEC_ERRORS_HERE ,
2441 + NULL ,
2442 + "xmlSecBufferRemoveHead" ,
2443 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2444 + XMLSEC_ERRORS_NO_MESSAGE ) ;
2445 + return(-1);
2446 + }
2447 +
2448 + return(0);
2449 +}
2450 +
2451 +/**
2452 + * key wrap transform update
2453 + */
2454 +static int
2455 +xmlSecNssKeyWrapCtxUpdate(
2456 + xmlSecNssKeyWrapCtxPtr ctx ,
2457 + xmlSecBufferPtr in ,
2458 + xmlSecBufferPtr out ,
2459 + int encrypt ,
2460 + xmlSecTransformCtxPtr transformCtx
2461 +) {
2462 + xmlSecAssert2( ctx != NULL , -1 ) ;
2463 + xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
2464 + xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
2465 + xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
2466 + xmlSecAssert2( ctx->material != NULL , -1 ) ;
2467 + xmlSecAssert2( in != NULL , -1 ) ;
2468 + xmlSecAssert2( out != NULL , -1 ) ;
2469 + xmlSecAssert2( transformCtx != NULL , -1 ) ;
2470 +
2471 + /* read raw key material and append into context */
2472 + if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
2473 + xmlSecError( XMLSEC_ERRORS_HERE ,
2474 + NULL ,
2475 + "xmlSecBufferAppend" ,
2476 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2477 + XMLSEC_ERRORS_NO_MESSAGE ) ;
2478 + return(-1);
2479 + }
2480 +
2481 + if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
2482 + xmlSecError( XMLSEC_ERRORS_HERE ,
2483 + NULL ,
2484 + "xmlSecBufferRemoveHead" ,
2485 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2486 + XMLSEC_ERRORS_NO_MESSAGE ) ;
2487 + return(-1);
2488 + }
2489 +
2490 + return(0);
2491 +}
2492 +
2493 +static int
2494 +xmlSecNssKWDes3BufferReverse(xmlSecByte *buf, xmlSecSize size) {
2495 + xmlSecSize s;
2496 + xmlSecSize i;
2497 + xmlSecByte c;
2498 +
2499 + xmlSecAssert2(buf != NULL, -1);
2500 +
2501 + s = size / 2;
2502 + --size;
2503 + for(i = 0; i < s; ++i) {
2504 + c = buf[i];
2505 + buf[i] = buf[size - i];
2506 + buf[size - i] = c;
2507 + }
2508 + return(0);
2509 +}
2510 +
2511 +static xmlSecByte *
2512 +xmlSecNssComputeSHA1(const xmlSecByte *in, xmlSecSize inSize,
2513 + xmlSecByte *out, xmlSecSize outSize)
2514 +{
2515 + PK11Context *context = NULL;
2516 + SECStatus s;
2517 + xmlSecByte *digest = NULL;
2518 + unsigned int len;
2519 +
2520 + xmlSecAssert2(in != NULL, NULL);
2521 + xmlSecAssert2(out != NULL, NULL);
2522 + xmlSecAssert2(outSize >= SHA1_LENGTH, NULL);
2523 +
2524 + /* Create a context for hashing (digesting) */
2525 + context = PK11_CreateDigestContext(SEC_OID_SHA1);
2526 + if (context == NULL) {
2527 + xmlSecError(XMLSEC_ERRORS_HERE,
2528 + NULL,
2529 + "PK11_CreateDigestContext",
2530 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
2531 + "error code = %d", PORT_GetError());
2532 + goto done;
2533 + }
2534 +
2535 + s = PK11_DigestBegin(context);
2536 + if (s != SECSuccess) {
2537 + xmlSecError(XMLSEC_ERRORS_HERE,
2538 + NULL,
2539 + "PK11_DigestBegin",
2540 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
2541 + "error code = %d", PORT_GetError());
2542 + goto done;
2543 + }
2544 +
2545 + s = PK11_DigestOp(context, in, inSize);
2546 + if (s != SECSuccess) {
2547 + xmlSecError(XMLSEC_ERRORS_HERE,
2548 + NULL,
2549 + "PK11_DigestOp",
2550 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
2551 + "error code = %d", PORT_GetError());
2552 + goto done;
2553 + }
2554 +
2555 + s = PK11_DigestFinal(context, out, &len, outSize);
2556 + if (s != SECSuccess) {
2557 + xmlSecError(XMLSEC_ERRORS_HERE,
2558 + NULL,
2559 + "PK11_DigestFinal",
2560 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
2561 + "error code = %d", PORT_GetError());
2562 + goto done;
2563 + }
2564 + xmlSecAssert2(len == SHA1_LENGTH, NULL);
2565 +
2566 + digest = out;
2567 +
2568 +done:
2569 + if (context != NULL) {
2570 + PK11_DestroyContext(context, PR_TRUE);
2571 + }
2572 + return (digest);
2573 +}
2574 +
2575 +static int
2576 +xmlSecNssKWDes3Encrypt(
2577 + PK11SymKey* symKey ,
2578 + CK_MECHANISM_TYPE cipherMech ,
2579 + const xmlSecByte* iv ,
2580 + xmlSecSize ivSize ,
2581 + const xmlSecByte* in ,
2582 + xmlSecSize inSize ,
2583 + xmlSecByte* out ,
2584 + xmlSecSize outSize ,
2585 + int enc
2586 +) {
2587 + PK11Context* EncContext = NULL;
2588 + SECItem ivItem ;
2589 + SECItem* secParam = NULL ;
2590 + int tmp1_outlen;
2591 + unsigned int tmp2_outlen;
2592 + int result_len = -1;
2593 + SECStatus rv;
2594 +
2595 + xmlSecAssert2( cipherMech != CKM_INVALID_MECHANISM , -1 ) ;
2596 + xmlSecAssert2( symKey != NULL , -1 ) ;
2597 + xmlSecAssert2(iv != NULL, -1);
2598 + xmlSecAssert2(ivSize == XMLSEC_NSS_DES3_IV_LENGTH, -1);
2599 + xmlSecAssert2(in != NULL, -1);
2600 + xmlSecAssert2(inSize > 0, -1);
2601 + xmlSecAssert2(out != NULL, -1);
2602 + xmlSecAssert2(outSize >= inSize, -1);
2603 +
2604 + /* Prepare IV */
2605 + ivItem.data = ( unsigned char* )iv ;
2606 + ivItem.len = ivSize ;
2607 +
2608 + secParam = PK11_ParamFromIV(cipherMech, &ivItem);
2609 + if (secParam == NULL) {
2610 + xmlSecError(XMLSEC_ERRORS_HERE,
2611 + NULL,
2612 + "PK11_ParamFromIV",
2613 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
2614 + "Error code = %d", PORT_GetError());
2615 + goto done;
2616 + }
2617 +
2618 + EncContext = PK11_CreateContextBySymKey(cipherMech,
2619 + enc ? CKA_ENCRYPT : CKA_DECRYPT,
2620 + symKey, secParam);
2621 + if (EncContext == NULL) {
2622 + xmlSecError(XMLSEC_ERRORS_HERE,
2623 + NULL,
2624 + "PK11_CreateContextBySymKey",
2625 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
2626 + "Error code = %d", PORT_GetError());
2627 + goto done;
2628 + }
2629 +
2630 + tmp1_outlen = tmp2_outlen = 0;
2631 + rv = PK11_CipherOp(EncContext, out, &tmp1_outlen, outSize,
2632 + (unsigned char *)in, inSize);
2633 + if (rv != SECSuccess) {
2634 + xmlSecError(XMLSEC_ERRORS_HERE,
2635 + NULL,
2636 + "PK11_CipherOp",
2637 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
2638 + "Error code = %d", PORT_GetError());
2639 + goto done;
2640 + }
2641 +
2642 + rv = PK11_DigestFinal(EncContext, out+tmp1_outlen,
2643 + &tmp2_outlen, outSize-tmp1_outlen);
2644 + if (rv != SECSuccess) {
2645 + xmlSecError(XMLSEC_ERRORS_HERE,
2646 + NULL,
2647 + "PK11_DigestFinal",
2648 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
2649 + "Error code = %d", PORT_GetError());
2650 + goto done;
2651 + }
2652 +
2653 + result_len = tmp1_outlen + tmp2_outlen;
2654 +
2655 +done:
2656 + if (secParam) {
2657 + SECITEM_FreeItem(secParam, PR_TRUE);
2658 + }
2659 + if (EncContext) {
2660 + PK11_DestroyContext(EncContext, PR_TRUE);
2661 + }
2662 +
2663 + return(result_len);
2664 +}
2665 +
2666 +static int
2667 +xmlSecNssKeyWrapDesOp(
2668 + xmlSecNssKeyWrapCtxPtr ctx ,
2669 + int encrypt ,
2670 + xmlSecBufferPtr result
2671 +) {
2672 + xmlSecByte sha1[SHA1_LENGTH];
2673 + xmlSecByte iv[XMLSEC_NSS_DES3_IV_LENGTH];
2674 + xmlSecByte* in;
2675 + xmlSecSize inSize;
2676 + xmlSecByte* out;
2677 + xmlSecSize outSize;
2678 + xmlSecSize s;
2679 + int ret;
2680 + SECStatus status;
2681 +
2682 + xmlSecAssert2( ctx != NULL , -1 ) ;
2683 + xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
2684 + xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
2685 + xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
2686 + xmlSecAssert2( ctx->material != NULL , -1 ) ;
2687 + xmlSecAssert2( result != NULL , -1 ) ;
2688 +
2689 + in = xmlSecBufferGetData(ctx->material);
2690 + inSize = xmlSecBufferGetSize(ctx->material) ;
2691 + out = xmlSecBufferGetData(result);
2692 + outSize = xmlSecBufferGetMaxSize(result) ;
2693 + if( encrypt ) {
2694 + /* step 2: calculate sha1 and CMS */
2695 + if(xmlSecNssComputeSHA1(in, inSize, sha1, SHA1_LENGTH) == NULL) {
2696 + xmlSecError(XMLSEC_ERRORS_HERE,
2697 + NULL,
2698 + "xmlSecNssComputeSHA1",
2699 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
2700 + XMLSEC_ERRORS_NO_MESSAGE);
2701 + return(-1);
2702 + }
2703 +
2704 + /* step 3: construct WKCKS */
2705 + memcpy(out, in, inSize);
2706 + memcpy(out + inSize, sha1, XMLSEC_NSS_DES3_BLOCK_LENGTH);
2707 +
2708 + /* step 4: generate random iv */
2709 + status = PK11_GenerateRandom(iv, XMLSEC_NSS_DES3_IV_LENGTH);
2710 + if(status != SECSuccess) {
2711 + xmlSecError(XMLSEC_ERRORS_HERE,
2712 + NULL,
2713 + "PK11_GenerateRandom",
2714 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
2715 + "error code = %d", PORT_GetError());
2716 + return(-1);
2717 + }
2718 +
2719 + /* step 5: first encryption, result is TEMP1 */
2720 + ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
2721 + iv, XMLSEC_NSS_DES3_IV_LENGTH,
2722 + out, inSize + XMLSEC_NSS_DES3_IV_LENGTH,
2723 + out, outSize, 1);
2724 + if(ret < 0) {
2725 + xmlSecError(XMLSEC_ERRORS_HERE,
2726 + NULL,
2727 + "xmlSecNssKWDes3Encrypt",
2728 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
2729 + XMLSEC_ERRORS_NO_MESSAGE);
2730 + return(-1);
2731 + }
2732 +
2733 + /* step 6: construct TEMP2=IV || TEMP1 */
2734 + memmove(out + XMLSEC_NSS_DES3_IV_LENGTH, out,
2735 + inSize + XMLSEC_NSS_DES3_IV_LENGTH);
2736 + memcpy(out, iv, XMLSEC_NSS_DES3_IV_LENGTH);
2737 + s = ret + XMLSEC_NSS_DES3_IV_LENGTH;
2738 +
2739 + /* step 7: reverse octets order, result is TEMP3 */
2740 + ret = xmlSecNssKWDes3BufferReverse(out, s);
2741 + if(ret < 0) {
2742 + xmlSecError(XMLSEC_ERRORS_HERE,
2743 + NULL,
2744 + "xmlSecNssKWDes3BufferReverse",
2745 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
2746 + XMLSEC_ERRORS_NO_MESSAGE);
2747 + return(-1);
2748 + }
2749 +
2750 + /* step 8: second encryption with static IV */
2751 + ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
2752 + xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH,
2753 + out, s,
2754 + out, outSize, 1);
2755 + if(ret < 0) {
2756 + xmlSecError(XMLSEC_ERRORS_HERE,
2757 + NULL,
2758 + "xmlSecNssKWDes3Encrypt",
2759 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
2760 + XMLSEC_ERRORS_NO_MESSAGE);
2761 + return(-1);
2762 + }
2763 + s = ret;
2764 +
2765 + if( xmlSecBufferSetSize( result , s ) < 0 ) {
2766 + xmlSecError(XMLSEC_ERRORS_HERE,
2767 + NULL,
2768 + "xmlSecBufferSetSize",
2769 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
2770 + XMLSEC_ERRORS_NO_MESSAGE);
2771 + return(-1);
2772 + }
2773 + } else {
2774 + /* step 2: first decryption with static IV, result is TEMP3 */
2775 + ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
2776 + xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH,
2777 + in, inSize,
2778 + out, outSize, 0);
2779 + if((ret < 0) || (ret < XMLSEC_NSS_DES3_IV_LENGTH)) {
2780 + xmlSecError(XMLSEC_ERRORS_HERE,
2781 + NULL,
2782 + "xmlSecNssKWDes3Encrypt",
2783 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
2784 + XMLSEC_ERRORS_NO_MESSAGE);
2785 + return(-1);
2786 + }
2787 + s = ret;
2788 +
2789 + /* step 3: reverse octets order in TEMP3, result is TEMP2 */
2790 + ret = xmlSecNssKWDes3BufferReverse(out, s);
2791 + if(ret < 0) {
2792 + xmlSecError(XMLSEC_ERRORS_HERE,
2793 + NULL,
2794 + "xmlSecNssKWDes3BufferReverse",
2795 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
2796 + XMLSEC_ERRORS_NO_MESSAGE);
2797 + return(-1);
2798 + }
2799 +
2800 + /* steps 4 and 5: get IV and decrypt second time, result is WKCKS */
2801 + ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
2802 + out, XMLSEC_NSS_DES3_IV_LENGTH,
2803 + out+XMLSEC_NSS_DES3_IV_LENGTH, s-XMLSEC_NSS_DES3_IV_LENGTH,
2804 + out, outSize, 0);
2805 + if((ret < 0) || (ret < XMLSEC_NSS_DES3_BLOCK_LENGTH)) {
2806 + xmlSecError(XMLSEC_ERRORS_HERE,
2807 + NULL,
2808 + "xmlSecNssKWDes3Encrypt",
2809 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
2810 + XMLSEC_ERRORS_NO_MESSAGE);
2811 + return(-1);
2812 + }
2813 + s = ret - XMLSEC_NSS_DES3_IV_LENGTH;
2814 +
2815 + /* steps 6 and 7: calculate SHA1 and validate it */
2816 + if(xmlSecNssComputeSHA1(out, s, sha1, SHA1_LENGTH) == NULL) {
2817 + xmlSecError(XMLSEC_ERRORS_HERE,
2818 + NULL,
2819 + "xmlSecNssComputeSHA1",
2820 + XMLSEC_ERRORS_R_CRYPTO_FAILED,
2821 + XMLSEC_ERRORS_NO_MESSAGE);
2822 + return(-1);
2823 + }
2824 +
2825 + if(memcmp(sha1, out + s, XMLSEC_NSS_DES3_BLOCK_LENGTH) != 0) {
2826 + xmlSecError(XMLSEC_ERRORS_HERE,
2827 + NULL,
2828 + NULL,
2829 + XMLSEC_ERRORS_R_INVALID_DATA,
2830 + "SHA1 does not match");
2831 + return(-1);
2832 + }
2833 +
2834 + if( xmlSecBufferSetSize( result , s ) < 0 ) {
2835 + xmlSecError(XMLSEC_ERRORS_HERE,
2836 + NULL,
2837 + "xmlSecBufferSetSize",
2838 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
2839 + XMLSEC_ERRORS_NO_MESSAGE);
2840 + return(-1);
2841 + }
2842 + }
2843 +
2844 + return(0);
2845 +}
2846 +
2847 +static int
2848 +xmlSecNssKeyWrapAesOp(
2849 + xmlSecNssKeyWrapCtxPtr ctx ,
2850 + int encrypt ,
2851 + xmlSecBufferPtr result
2852 +) {
2853 + PK11Context* cipherCtx = NULL;
2854 + SECItem ivItem ;
2855 + SECItem* secParam = NULL ;
2856 + xmlSecSize inSize ;
2857 + xmlSecSize inBlocks ;
2858 + int blockSize ;
2859 + int midSize ;
2860 + int finSize ;
2861 + xmlSecByte* out ;
2862 + xmlSecSize outSize;
2863 +
2864 + xmlSecAssert2( ctx != NULL , -1 ) ;
2865 + xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
2866 + xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
2867 + xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
2868 + xmlSecAssert2( ctx->material != NULL , -1 ) ;
2869 + xmlSecAssert2( result != NULL , -1 ) ;
2870 +
2871 + /* Do not set any IV */
2872 + memset(&ivItem, 0, sizeof(ivItem));
2873 +
2874 + /* Get block size */
2875 + if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
2876 + xmlSecError( XMLSEC_ERRORS_HERE ,
2877 + NULL ,
2878 + "PK11_GetBlockSize" ,
2879 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2880 + XMLSEC_ERRORS_NO_MESSAGE ) ;
2881 + return(-1);
2882 + }
2883 +
2884 + inSize = xmlSecBufferGetSize( ctx->material ) ;
2885 + if( xmlSecBufferSetMaxSize( result , inSize + blockSize ) < 0 ) {
2886 + xmlSecError( XMLSEC_ERRORS_HERE ,
2887 + NULL ,
2888 + "xmlSecBufferSetMaxSize" ,
2889 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2890 + XMLSEC_ERRORS_NO_MESSAGE ) ;
2891 + return(-1);
2892 + }
2893 +
2894 + /* Get Param for context initialization */
2895 + if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) {
2896 + xmlSecError( XMLSEC_ERRORS_HERE ,
2897 + NULL ,
2898 + "PK11_ParamFromIV" ,
2899 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2900 + XMLSEC_ERRORS_NO_MESSAGE ) ;
2901 + return(-1);
2902 + }
2903 +
2904 + cipherCtx = PK11_CreateContextBySymKey( ctx->cipher , encrypt ? CKA_ENCRYPT : CKA_DECRYPT , ctx->symkey , secParam ) ;
2905 + if( cipherCtx == NULL ) {
2906 + xmlSecError( XMLSEC_ERRORS_HERE ,
2907 + NULL ,
2908 + "PK11_CreateContextBySymKey" ,
2909 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2910 + XMLSEC_ERRORS_NO_MESSAGE ) ;
2911 + SECITEM_FreeItem( secParam , PR_TRUE ) ;
2912 + return(-1);
2913 + }
2914 +
2915 + out = xmlSecBufferGetData(result) ;
2916 + outSize = xmlSecBufferGetMaxSize(result) ;
2917 + if( PK11_CipherOp( cipherCtx , out, &midSize , outSize , xmlSecBufferGetData( ctx->material ) , inSize ) != SECSuccess ) {
2918 + xmlSecError( XMLSEC_ERRORS_HERE ,
2919 + NULL ,
2920 + "PK11_CipherOp" ,
2921 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2922 + XMLSEC_ERRORS_NO_MESSAGE ) ;
2923 + return(-1);
2924 + }
2925 +
2926 + if( PK11_DigestFinal( cipherCtx , out + midSize , &finSize , outSize - midSize ) != SECSuccess ) {
2927 + xmlSecError( XMLSEC_ERRORS_HERE ,
2928 + NULL ,
2929 + "PK11_DigestFinal" ,
2930 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2931 + XMLSEC_ERRORS_NO_MESSAGE ) ;
2932 + return(-1);
2933 + }
2934 +
2935 + if( xmlSecBufferSetSize( result , midSize + finSize ) < 0 ) {
2936 + xmlSecError( XMLSEC_ERRORS_HERE ,
2937 + NULL ,
2938 + "xmlSecBufferSetSize" ,
2939 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2940 + XMLSEC_ERRORS_NO_MESSAGE ) ;
2941 + return(-1);
2942 + }
2943 +
2944 + return 0 ;
2945 +}
2946 +
2947 +/**
2948 + * Block cipher transform final
2949 + */
2950 +static int
2951 +xmlSecNssKeyWrapCtxFinal(
2952 + xmlSecNssKeyWrapCtxPtr ctx ,
2953 + xmlSecBufferPtr in ,
2954 + xmlSecBufferPtr out ,
2955 + int encrypt ,
2956 + xmlSecTransformCtxPtr transformCtx
2957 +) {
2958 + PK11SymKey* targetKey ;
2959 + xmlSecSize blockSize ;
2960 + xmlSecBufferPtr result ;
2961 +
2962 + xmlSecAssert2( ctx != NULL , -1 ) ;
2963 + xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
2964 + xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
2965 + xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
2966 + xmlSecAssert2( ctx->material != NULL , -1 ) ;
2967 + xmlSecAssert2( in != NULL , -1 ) ;
2968 + xmlSecAssert2( out != NULL , -1 ) ;
2969 + xmlSecAssert2( transformCtx != NULL , -1 ) ;
2970 +
2971 + /* read raw key material and append into context */
2972 + if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
2973 + xmlSecError( XMLSEC_ERRORS_HERE ,
2974 + NULL ,
2975 + "xmlSecBufferAppend" ,
2976 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2977 + XMLSEC_ERRORS_NO_MESSAGE ) ;
2978 + return(-1);
2979 + }
2980 +
2981 + if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
2982 + xmlSecError( XMLSEC_ERRORS_HERE ,
2983 + NULL ,
2984 + "xmlSecBufferRemoveHead" ,
2985 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2986 + XMLSEC_ERRORS_NO_MESSAGE ) ;
2987 + return(-1);
2988 + }
2989 +
2990 + /* Now we get all of the key materail */
2991 + /* from now on we will wrap or unwrap the key */
2992 + if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
2993 + xmlSecError( XMLSEC_ERRORS_HERE ,
2994 + NULL ,
2995 + "PK11_GetBlockSize" ,
2996 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
2997 + XMLSEC_ERRORS_NO_MESSAGE ) ;
2998 + return(-1);
2999 + }
3000 +
3001 + result = xmlSecBufferCreate( blockSize ) ;
3002 + if( result == NULL ) {
3003 + xmlSecError( XMLSEC_ERRORS_HERE ,
3004 + NULL ,
3005 + "xmlSecBufferCreate" ,
3006 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
3007 + XMLSEC_ERRORS_NO_MESSAGE ) ;
3008 + return(-1);
3009 + }
3010 +
3011 + switch( ctx->cipher ) {
3012 + case CKM_DES3_CBC :
3013 + if( xmlSecNssKeyWrapDesOp(ctx, encrypt, result) < 0 ) {
3014 + xmlSecError( XMLSEC_ERRORS_HERE ,
3015 + NULL ,
3016 + "xmlSecNssKeyWrapDesOp" ,
3017 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
3018 + XMLSEC_ERRORS_NO_MESSAGE ) ;
3019 + xmlSecBufferDestroy(result);
3020 + return(-1);
3021 + }
3022 + break ;
3023 + /* case CKM_NETSCAPE_AES_KEY_WRAP :*/
3024 + case CKM_AES_CBC :
3025 + if( xmlSecNssKeyWrapAesOp(ctx, encrypt, result) < 0 ) {
3026 + xmlSecError( XMLSEC_ERRORS_HERE ,
3027 + NULL ,
3028 + "xmlSecNssKeyWrapAesOp" ,
3029 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
3030 + XMLSEC_ERRORS_NO_MESSAGE ) ;
3031 + xmlSecBufferDestroy(result);
3032 + return(-1);
3033 + }
3034 + break ;
3035 + }
3036 +
3037 + /* Write output */
3038 + if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) {
3039 + xmlSecError( XMLSEC_ERRORS_HERE ,
3040 + NULL ,
3041 + "xmlSecBufferAppend" ,
3042 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
3043 + XMLSEC_ERRORS_NO_MESSAGE ) ;
3044 + xmlSecBufferDestroy(result);
3045 + return(-1);
3046 + }
3047 + xmlSecBufferDestroy(result);
3048 +
3049 + return(0);
3050 +}
3051 +
3052 +static int
3053 +xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
3054 + xmlSecNssKeyWrapCtxPtr context = NULL ;
3055 + xmlSecBufferPtr inBuf, outBuf ;
3056 + int operation ;
3057 + int rtv ;
3058 +
3059 + xmlSecAssert2( xmlSecNssKeyWrapCheckId( transform ), -1 ) ;
3060 + xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyWrapSize ), -1 ) ;
3061 + xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
3062 + xmlSecAssert2( transformCtx != NULL , -1 ) ;
3063 +
3064 + context = xmlSecNssKeyWrapGetCtx( transform ) ;
3065 + if( context == NULL ) {
3066 + xmlSecError( XMLSEC_ERRORS_HERE ,
3067 + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
3068 + "xmlSecNssKeyWrapGetCtx" ,
3069 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
3070 + XMLSEC_ERRORS_NO_MESSAGE ) ;
3071 + return(-1);
3072 + }
3073 +
3074 + inBuf = &( transform->inBuf ) ;
3075 + outBuf = &( transform->outBuf ) ;
3076 +
3077 + if( transform->status == xmlSecTransformStatusNone ) {
3078 + transform->status = xmlSecTransformStatusWorking ;
3079 + }
3080 +
3081 + operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ;
3082 + if( transform->status == xmlSecTransformStatusWorking ) {
3083 + if( context->material == NULL ) {
3084 + rtv = xmlSecNssKeyWrapCtxInit( context, inBuf , outBuf , operation , transformCtx ) ;
3085 + if( rtv < 0 ) {
3086 + xmlSecError( XMLSEC_ERRORS_HERE ,
3087 + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
3088 + "xmlSecNssKeyWrapCtxInit" ,
3089 + XMLSEC_ERRORS_R_INVALID_STATUS ,
3090 + XMLSEC_ERRORS_NO_MESSAGE ) ;
3091 + return(-1);
3092 + }
3093 + }
3094 +
3095 + if( context->material == NULL && last != 0 ) {
3096 + xmlSecError( XMLSEC_ERRORS_HERE ,
3097 + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
3098 + NULL ,
3099 + XMLSEC_ERRORS_R_INVALID_STATUS ,
3100 + "No enough data to intialize transform" ) ;
3101 + return(-1);
3102 + }
3103 +
3104 + if( context->material != NULL ) {
3105 + rtv = xmlSecNssKeyWrapCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ;
3106 + if( rtv < 0 ) {
3107 + xmlSecError( XMLSEC_ERRORS_HERE ,
3108 + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
3109 + "xmlSecNssKeyWrapCtxUpdate" ,
3110 + XMLSEC_ERRORS_R_INVALID_STATUS ,
3111 + XMLSEC_ERRORS_NO_MESSAGE ) ;
3112 + return(-1);
3113 + }
3114 + }
3115 +
3116 + if( last ) {
3117 + rtv = xmlSecNssKeyWrapCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ;
3118 + if( rtv < 0 ) {
3119 + xmlSecError( XMLSEC_ERRORS_HERE ,
3120 + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
3121 + "xmlSecNssKeyWrapCtxFinal" ,
3122 + XMLSEC_ERRORS_R_INVALID_STATUS ,
3123 + XMLSEC_ERRORS_NO_MESSAGE ) ;
3124 + return(-1);
3125 + }
3126 + transform->status = xmlSecTransformStatusFinished ;
3127 + }
3128 + } else if( transform->status == xmlSecTransformStatusFinished ) {
3129 + if( xmlSecBufferGetSize( inBuf ) != 0 ) {
3130 + xmlSecError( XMLSEC_ERRORS_HERE ,
3131 + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
3132 + NULL ,
3133 + XMLSEC_ERRORS_R_INVALID_STATUS ,
3134 + "status=%d", transform->status ) ;
3135 + return(-1);
3136 + }
3137 + } else {
3138 + xmlSecError( XMLSEC_ERRORS_HERE ,
3139 + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
3140 + NULL ,
3141 + XMLSEC_ERRORS_R_INVALID_STATUS ,
3142 + "status=%d", transform->status ) ;
3143 + return(-1);
3144 + }
3145 +
3146 + return(0);
3147 +}
3148 +
3149 +#ifndef XMLSEC_NO_AES
3150 +
3151 +
3152 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
3153 +static struct _xmlSecTransformKlass xmlSecNssKWAes128Klass = {
3154 +#else
3155 +static xmlSecTransformKlass xmlSecNssKWAes128Klass = {
3156 +#endif
3157 + /* klass/object sizes */
3158 + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
3159 + xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
3160 +
3161 + xmlSecNameKWAes128, /* const xmlChar* name; */
3162 + xmlSecHrefKWAes128, /* const xmlChar* href; */
3163 + xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
3164 +
3165 + xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
3166 + xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
3167 + NULL, /* xmlSecTransformNodeReadMethod readNode; */
3168 + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
3169 + xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
3170 + xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
3171 + NULL, /* xmlSecTransformValidateMethod validate; */
3172 + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
3173 + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
3174 + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
3175 + NULL, /* xmlSecTransformPushXmlMethod pushXml; */
3176 + NULL, /* xmlSecTransformPopXmlMethod popXml; */
3177 + xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
3178 +
3179 + NULL, /* void* reserved0; */
3180 + NULL, /* void* reserved1; */
3181 +};
3182 +
3183 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
3184 +static struct _xmlSecTransformKlass xmlSecNssKWAes192Klass = {
3185 +#else
3186 +static xmlSecTransformKlass xmlSecNssKWAes192Klass = {
3187 +#endif
3188 + /* klass/object sizes */
3189 + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
3190 + xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
3191 +
3192 + xmlSecNameKWAes192, /* const xmlChar* name; */
3193 + xmlSecHrefKWAes192, /* const xmlChar* href; */
3194 + xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
3195 +
3196 + xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
3197 + xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
3198 + NULL, /* xmlSecTransformNodeReadMethod readNode; */
3199 + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
3200 + xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
3201 + xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
3202 + NULL, /* xmlSecTransformValidateMethod validate; */
3203 + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
3204 + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
3205 + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
3206 + NULL, /* xmlSecTransformPushXmlMethod pushXml; */
3207 + NULL, /* xmlSecTransformPopXmlMethod popXml; */
3208 + xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
3209 +
3210 + NULL, /* void* reserved0; */
3211 + NULL, /* void* reserved1; */
3212 +};
3213 +
3214 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
3215 +static struct _xmlSecTransformKlass xmlSecNssKWAes256Klass = {
3216 +#else
3217 +static xmlSecTransformKlass xmlSecNssKWAes256Klass = {
3218 +#endif
3219 + /* klass/object sizes */
3220 + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
3221 + xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
3222 +
3223 + xmlSecNameKWAes256, /* const xmlChar* name; */
3224 + xmlSecHrefKWAes256, /* const xmlChar* href; */
3225 + xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
3226 +
3227 + xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
3228 + xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
3229 + NULL, /* xmlSecTransformNodeReadMethod readNode; */
3230 + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
3231 + xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
3232 + xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
3233 + NULL, /* xmlSecTransformValidateMethod validate; */
3234 + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
3235 + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
3236 + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
3237 + NULL, /* xmlSecTransformPushXmlMethod pushXml; */
3238 + NULL, /* xmlSecTransformPopXmlMethod popXml; */
3239 + xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
3240 +
3241 + NULL, /* void* reserved0; */
3242 + NULL, /* void* reserved1; */
3243 +};
3244 +
3245 +/**
3246 + * xmlSecNssTransformKWAes128GetKlass:
3247 + *
3248 + * The AES-128 key wrapper transform klass.
3249 + *
3250 + * Returns AES-128 key wrapper transform klass.
3251 + */
3252 +xmlSecTransformId
3253 +xmlSecNssTransformKWAes128GetKlass(void) {
3254 + return(&xmlSecNssKWAes128Klass);
3255 +}
3256 +
3257 +/**
3258 + * xmlSecNssTransformKWAes192GetKlass:
3259 + *
3260 + * The AES-192 key wrapper transform klass.
3261 + *
3262 + * Returns AES-192 key wrapper transform klass.
3263 + */
3264 +xmlSecTransformId
3265 +xmlSecNssTransformKWAes192GetKlass(void) {
3266 + return(&xmlSecNssKWAes192Klass);
3267 +}
3268 +
3269 +/**
3270 + *
3271 + * The AES-256 key wrapper transform klass.
3272 + *
3273 + * Returns AES-256 key wrapper transform klass.
3274 + */
3275 +xmlSecTransformId
3276 +xmlSecNssTransformKWAes256GetKlass(void) {
3277 + return(&xmlSecNssKWAes256Klass);
3278 +}
3279 +
3280 +#endif /* XMLSEC_NO_AES */
3281 +
3282 +
3283 +#ifndef XMLSEC_NO_DES
3284 +
3285 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
3286 +static struct _xmlSecTransformKlass xmlSecNssKWDes3Klass = {
3287 +#else
3288 +static xmlSecTransformKlass xmlSecNssKWDes3Klass = {
3289 +#endif
3290 + /* klass/object sizes */
3291 + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
3292 + xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
3293 +
3294 + xmlSecNameKWDes3, /* const xmlChar* name; */
3295 + xmlSecHrefKWDes3, /* const xmlChar* href; */
3296 + xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
3297 +
3298 + xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
3299 + xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
3300 + NULL, /* xmlSecTransformNodeReadMethod readNode; */
3301 + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
3302 + xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
3303 + xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
3304 + NULL, /* xmlSecTransformValidateMethod validate; */
3305 + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
3306 + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
3307 + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
3308 + NULL, /* xmlSecTransformPushXmlMethod pushXml; */
3309 + NULL, /* xmlSecTransformPopXmlMethod popXml; */
3310 + xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
3311 +
3312 + NULL, /* void* reserved0; */
3313 + NULL, /* void* reserved1; */
3314 +};
3315 +
3316 +/**
3317 + * xmlSecNssTransformKWDes3GetKlass:
3318 + *
3319 + * The Triple DES key wrapper transform klass.
3320 + *
3321 + * Returns Triple DES key wrapper transform klass.
3322 + */
3323 +xmlSecTransformId
3324 +xmlSecNssTransformKWDes3GetKlass(void) {
3325 + return(&xmlSecNssKWDes3Klass);
3326 +}
3327 +
3328 +#endif /* XMLSEC_NO_DES */
3329 +
3330 --- misc/xmlsec1-1.2.14/src/nss/pkikeys.c 2009-06-25 22:53:18.000000000 +0200
3331 +++ misc/build/xmlsec1-1.2.14/src/nss/pkikeys.c 2009-09-21 14:02:48.657352624 +0200
3332 @@ -24,6 +24,7 @@
3333 #include <xmlsec/nss/crypto.h>
3334 #include <xmlsec/nss/bignum.h>
3335 #include <xmlsec/nss/pkikeys.h>
3336 +#include <xmlsec/nss/tokens.h>
3338 /**************************************************************************
3339 *
3340 @@ -115,6 +116,8 @@
3341 xmlSecNssPKIKeyDataCtxPtr ctxSrc)
3342 {
3343 xmlSecNSSPKIKeyDataCtxFree(ctxDst);
3344 + ctxDst->privkey = NULL ;
3345 + ctxDst->pubkey = NULL ;
3346 if (ctxSrc->privkey != NULL) {
3347 ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey);
3348 if(ctxDst->privkey == NULL) {
3349 @@ -588,13 +591,13 @@
3350 goto done;
3351 }
3353 - slot = PK11_GetBestSlot(CKM_DSA, NULL);
3354 + slot = xmlSecNssSlotGet(CKM_DSA);
3355 if(slot == NULL) {
3356 xmlSecError(XMLSEC_ERRORS_HERE,
3357 xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
3358 - "PK11_GetBestSlot",
3359 + "xmlSecNssSlotGet",
3360 XMLSEC_ERRORS_R_CRYPTO_FAILED,
3361 - XMLSEC_ERRORS_NO_MESSAGE);
3362 + "error code=%d", PORT_GetError());
3363 ret = -1;
3364 goto done;
3365 }
3366 @@ -792,14 +795,14 @@
3367 if (slot != NULL) {
3368 PK11_FreeSlot(slot);
3369 }
3370 - if (ret != 0) {
3371 +
3372 if (pubkey != NULL) {
3373 SECKEY_DestroyPublicKey(pubkey);
3374 }
3375 if (data != NULL) {
3376 xmlSecKeyDataDestroy(data);
3377 }
3378 - }
3379 +
3380 return(ret);
3381 }
3383 @@ -818,7 +821,7 @@
3385 ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key));
3386 xmlSecAssert2(ctx != NULL, -1);
3387 - xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
3388 +/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/
3390 if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
3391 /* we can have only private key or public key */
3392 @@ -940,7 +943,8 @@
3393 xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
3394 "PK11_PQG_ParamGen",
3395 XMLSEC_ERRORS_R_CRYPTO_FAILED,
3396 - "size=%d", sizeBits);
3397 + "size=%d, error code=%d", sizeBits, PORT_GetError());
3398 + ret = -1;
3399 goto done;
3400 }
3402 @@ -950,11 +954,12 @@
3403 xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
3404 "PK11_PQG_VerifyParams",
3405 XMLSEC_ERRORS_R_CRYPTO_FAILED,
3406 - "size=%d", sizeBits);
3407 + "size=%d, error code=%d", sizeBits, PORT_GetError());
3408 + ret = -1;
3409 goto done;
3410 }
3412 - slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL);
3413 + slot = xmlSecNssSlotGet(CKM_DSA_KEY_PAIR_GEN);
3414 PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
3415 privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams,
3416 &pubkey, PR_FALSE, PR_TRUE, NULL);
3417 @@ -964,8 +969,9 @@
3418 xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
3419 "PK11_GenerateKeyPair",
3420 XMLSEC_ERRORS_R_CRYPTO_FAILED,
3421 - XMLSEC_ERRORS_NO_MESSAGE);
3422 + "error code=%d", PORT_GetError());
3424 + ret = -1;
3425 goto done;
3426 }
3428 @@ -979,6 +985,8 @@
3429 goto done;
3430 }
3432 + privkey = NULL ;
3433 + pubkey = NULL ;
3434 ret = 0;
3436 done:
3437 @@ -991,16 +999,13 @@
3438 if (pqgVerify != NULL) {
3439 PK11_PQG_DestroyVerify(pqgVerify);
3440 }
3441 - if (ret == 0) {
3442 - return (0);
3443 - }
3444 if (pubkey != NULL) {
3445 SECKEY_DestroyPublicKey(pubkey);
3446 }
3447 if (privkey != NULL) {
3448 SECKEY_DestroyPrivateKey(privkey);
3449 }
3450 - return(-1);
3451 + return(ret);
3452 }
3454 static xmlSecKeyDataType
3455 @@ -1010,10 +1015,10 @@
3456 xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), xmlSecKeyDataTypeUnknown);
3457 ctx = xmlSecNssPKIKeyDataGetCtx(data);
3458 xmlSecAssert2(ctx != NULL, -1);
3459 - xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
3460 +/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/
3461 if (ctx->privkey != NULL) {
3462 return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic);
3463 - } else {
3464 + } else if( ctx->pubkey != NULL ) {
3465 return(xmlSecKeyDataTypePublic);
3466 }
3468 @@ -1027,7 +1032,7 @@
3469 xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), 0);
3470 ctx = xmlSecNssPKIKeyDataGetCtx(data);
3471 xmlSecAssert2(ctx != NULL, -1);
3472 - xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);
3473 +/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/
3475 return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));
3476 }
3477 @@ -1216,13 +1221,13 @@
3478 goto done;
3479 }
3481 - slot = PK11_GetBestSlot(CKM_RSA_PKCS, NULL);
3482 + slot = xmlSecNssSlotGet(CKM_RSA_PKCS);
3483 if(slot == NULL) {
3484 xmlSecError(XMLSEC_ERRORS_HERE,
3485 xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
3486 - "PK11_GetBestSlot",
3487 + "xmlSecNssSlotGet",
3488 XMLSEC_ERRORS_R_CRYPTO_FAILED,
3489 - XMLSEC_ERRORS_NO_MESSAGE);
3490 + "error code=%d", PORT_GetError());
3491 ret = -1;
3492 goto done;
3493 }
3494 @@ -1384,7 +1389,7 @@
3496 ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key));
3497 xmlSecAssert2(ctx != NULL, -1);
3498 - xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
3499 +/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/
3502 if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
3503 @@ -1455,7 +1460,7 @@
3504 params.keySizeInBits = sizeBits;
3505 params.pe = 65537;
3507 - slot = PK11_GetBestSlot(CKM_RSA_PKCS_KEY_PAIR_GEN, NULL);
3508 + slot = xmlSecNssSlotGet(CKM_RSA_PKCS_KEY_PAIR_GEN);
3509 PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */);
3510 privkey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, ¶ms,
3511 &pubkey, PR_FALSE, PR_TRUE, NULL);
3512 @@ -1525,7 +1530,7 @@
3514 ctx = xmlSecNssPKIKeyDataGetCtx(data);
3515 xmlSecAssert2(ctx != NULL, -1);
3516 - xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);
3517 +/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/
3519 return(8 * SECKEY_PublicKeyStrength(ctx->pubkey));
3520 }
3521 --- misc/xmlsec1-1.2.14/src/nss/symkeys.c 2009-06-25 22:53:18.000000000 +0200
3522 +++ misc/build/xmlsec1-1.2.14/src/nss/symkeys.c 2009-09-21 14:02:48.620574832 +0200
3523 @@ -15,20 +15,41 @@
3524 #include <stdio.h>
3525 #include <string.h>
3527 +#include <pk11func.h>
3528 +#include <nss.h>
3529 +
3530 #include <xmlsec/xmlsec.h>
3531 #include <xmlsec/xmltree.h>
3532 +#include <xmlsec/base64.h>
3533 #include <xmlsec/keys.h>
3534 #include <xmlsec/keyinfo.h>
3535 #include <xmlsec/transforms.h>
3536 #include <xmlsec/errors.h>
3538 #include <xmlsec/nss/crypto.h>
3539 +#include <xmlsec/nss/ciphers.h>
3540 +#include <xmlsec/nss/tokens.h>
3542 /*****************************************************************************
3543 *
3544 - * Symmetic (binary) keys - just a wrapper for xmlSecKeyDataBinary
3545 + * Symmetic (binary) keys - a wrapper over slot information and PK11SymKey
3546 *
3547 ****************************************************************************/
3548 +typedef struct _xmlSecNssSymKeyDataCtx xmlSecNssSymKeyDataCtx ;
3549 +typedef struct _xmlSecNssSymKeyDataCtx* xmlSecNssSymKeyDataCtxPtr ;
3550 +
3551 +struct _xmlSecNssSymKeyDataCtx {
3552 + CK_MECHANISM_TYPE cipher ; /* the symmetic key mechanism */
3553 + PK11SlotInfo* slot ; /* the key resident slot */
3554 + PK11SymKey* symkey ; /* the symmetic key */
3555 +} ;
3556 +
3557 +#define xmlSecNssSymKeyDataSize \
3558 + ( sizeof( xmlSecKeyData ) + sizeof( xmlSecNssSymKeyDataCtx ) )
3559 +
3560 +#define xmlSecNssSymKeyDataGetCtx( data ) \
3561 + ( ( xmlSecNssSymKeyDataCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyData ) ) )
3562 +
3563 static int xmlSecNssSymKeyDataInitialize (xmlSecKeyDataPtr data);
3564 static int xmlSecNssSymKeyDataDuplicate (xmlSecKeyDataPtr dst,
3565 xmlSecKeyDataPtr src);
3566 @@ -67,107 +88,743 @@
3567 (xmlSecKeyDataIsValid((data)) && \
3568 xmlSecNssSymKeyDataKlassCheck((data)->id))
3570 +/**
3571 + * xmlSecNssSymKeyDataAdoptKey:
3572 + * @data: the pointer to symmetric key data.
3573 + * @symkey: the symmetric key
3574 + *
3575 + * Set the value of symmetric key data.
3576 + *
3577 + * Returns 0 on success or a negative value if an error occurs.
3578 + */
3579 +int
3580 +xmlSecNssSymKeyDataAdoptKey(
3581 + xmlSecKeyDataPtr data ,
3582 + PK11SymKey* symkey
3583 +) {
3584 + xmlSecNssSymKeyDataCtxPtr context = NULL ;
3585 +
3586 + xmlSecAssert2( xmlSecNssSymKeyDataCheckId( data ), -1 ) ;
3587 + xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), -1 ) ;
3588 + xmlSecAssert2( symkey != NULL, -1 ) ;
3589 +
3590 + context = xmlSecNssSymKeyDataGetCtx( data ) ;
3591 + xmlSecAssert2(context != NULL, -1);
3592 +
3593 + context->cipher = PK11_GetMechanism( symkey ) ;
3594 +
3595 + if( context->slot != NULL ) {
3596 + PK11_FreeSlot( context->slot ) ;
3597 + context->slot = NULL ;
3598 + }
3599 + context->slot = PK11_GetSlotFromKey( symkey ) ;
3600 +
3601 + if( context->symkey != NULL ) {
3602 + PK11_FreeSymKey( context->symkey ) ;
3603 + context->symkey = NULL ;
3604 + }
3605 + context->symkey = PK11_ReferenceSymKey( symkey ) ;
3606 +
3607 + return 0 ;
3608 +}
3609 +
3610 +xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt(
3611 + PK11SymKey* symKey
3612 +) {
3613 + xmlSecKeyDataPtr data = NULL ;
3614 + CK_MECHANISM_TYPE mechanism = CKM_INVALID_MECHANISM ;
3615 +
3616 + xmlSecAssert2( symKey != NULL , NULL ) ;
3617 +
3618 + mechanism = PK11_GetMechanism( symKey ) ;
3619 + switch( mechanism ) {
3620 + case CKM_DES3_KEY_GEN :
3621 + case CKM_DES3_CBC :
3622 + case CKM_DES3_MAC :
3623 + data = xmlSecKeyDataCreate( xmlSecNssKeyDataDesId ) ;
3624 + if( data == NULL ) {
3625 + xmlSecError( XMLSEC_ERRORS_HERE ,
3626 + NULL ,
3627 + "xmlSecKeyDataCreate" ,
3628 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
3629 + "xmlSecNssKeyDataDesId" ) ;
3630 + return NULL ;
3631 + }
3632 + break ;
3633 + case CKM_AES_KEY_GEN :
3634 + case CKM_AES_CBC :
3635 + case CKM_AES_MAC :
3636 + data = xmlSecKeyDataCreate( xmlSecNssKeyDataAesId ) ;
3637 + if( data == NULL ) {
3638 + xmlSecError( XMLSEC_ERRORS_HERE ,
3639 + NULL ,
3640 + "xmlSecKeyDataCreate" ,
3641 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
3642 + "xmlSecNssKeyDataDesId" ) ;
3643 + return NULL ;
3644 + }
3645 + break ;
3646 + default :
3647 + xmlSecError( XMLSEC_ERRORS_HERE ,
3648 + NULL ,
3649 + NULL ,
3650 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
3651 + "Unsupported mechanism" ) ;
3652 + return NULL ;
3653 + }
3654 +
3655 + if( xmlSecNssSymKeyDataAdoptKey( data , symKey ) < 0 ) {
3656 + xmlSecError( XMLSEC_ERRORS_HERE ,
3657 + NULL ,
3658 + "xmlSecNssSymKeyDataAdoptKey" ,
3659 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
3660 + XMLSEC_ERRORS_NO_MESSAGE ) ;
3661 +
3662 + xmlSecKeyDataDestroy( data ) ;
3663 + return NULL ;
3664 + }
3665 +
3666 + return data ;
3667 +}
3668 +
3669 +
3670 +PK11SymKey*
3671 +xmlSecNssSymKeyDataGetKey(
3672 + xmlSecKeyDataPtr data
3673 +) {
3674 + xmlSecNssSymKeyDataCtxPtr ctx;
3675 + PK11SymKey* symkey ;
3676 +
3677 + xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), NULL);
3678 + xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), NULL);
3679 +
3680 + ctx = xmlSecNssSymKeyDataGetCtx(data);
3681 + xmlSecAssert2(ctx != NULL, NULL);
3682 +
3683 + if( ctx->symkey != NULL ) {
3684 + symkey = PK11_ReferenceSymKey( ctx->symkey ) ;
3685 + } else {
3686 + symkey = NULL ;
3687 + }
3688 +
3689 + return(symkey);
3690 +}
3691 +
3692 static int
3693 xmlSecNssSymKeyDataInitialize(xmlSecKeyDataPtr data) {
3694 + xmlSecNssSymKeyDataCtxPtr ctx;
3695 +
3696 xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1);
3697 -
3698 - return(xmlSecKeyDataBinaryValueInitialize(data));
3699 + xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), -1);
3700 +
3701 + ctx = xmlSecNssSymKeyDataGetCtx(data);
3702 + xmlSecAssert2(ctx != NULL, -1);
3703 +
3704 + memset( ctx, 0, sizeof(xmlSecNssSymKeyDataCtx));
3705 +
3706 + /* Set the block cipher mechanism */
3707 +#ifndef XMLSEC_NO_DES
3708 + if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) {
3709 + ctx->cipher = CKM_DES3_KEY_GEN;
3710 + } else
3711 +#endif /* XMLSEC_NO_DES */
3712 +
3713 +#ifndef XMLSEC_NO_AES
3714 + if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) {
3715 + ctx->cipher = CKM_AES_KEY_GEN;
3716 + } else
3717 +#endif /* XMLSEC_NO_AES */
3718 +
3719 + if(1) {
3720 + xmlSecError( XMLSEC_ERRORS_HERE ,
3721 + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
3722 + NULL ,
3723 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
3724 + "Unsupported block cipher" ) ;
3725 + return(-1) ;
3726 + }
3727 +
3728 + return(0);
3729 }
3731 static int
3732 xmlSecNssSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
3733 + xmlSecNssSymKeyDataCtxPtr ctxDst;
3734 + xmlSecNssSymKeyDataCtxPtr ctxSrc;
3735 +
3736 xmlSecAssert2(xmlSecNssSymKeyDataCheckId(dst), -1);
3737 + xmlSecAssert2(xmlSecKeyDataCheckSize(dst, xmlSecNssSymKeyDataSize), -1);
3738 xmlSecAssert2(xmlSecNssSymKeyDataCheckId(src), -1);
3739 + xmlSecAssert2(xmlSecKeyDataCheckSize(src, xmlSecNssSymKeyDataSize), -1);
3740 xmlSecAssert2(dst->id == src->id, -1);
3741 -
3742 - return(xmlSecKeyDataBinaryValueDuplicate(dst, src));
3743 +
3744 + ctxDst = xmlSecNssSymKeyDataGetCtx(dst);
3745 + xmlSecAssert2(ctxDst != NULL, -1);
3746 +
3747 + ctxSrc = xmlSecNssSymKeyDataGetCtx(src);
3748 + xmlSecAssert2(ctxSrc != NULL, -1);
3749 +
3750 + ctxDst->cipher = ctxSrc->cipher ;
3751 +
3752 + if( ctxSrc->slot != NULL ) {
3753 + if( ctxDst->slot != NULL && ctxDst->slot != ctxSrc->slot ) {
3754 + PK11_FreeSlot( ctxDst->slot ) ;
3755 + ctxDst->slot = NULL ;
3756 + }
3757 +
3758 + if( ctxDst->slot == NULL && ctxSrc->slot != NULL )
3759 + ctxDst->slot = PK11_ReferenceSlot( ctxSrc->slot ) ;
3760 + } else {
3761 + if( ctxDst->slot != NULL ) {
3762 + PK11_FreeSlot( ctxDst->slot ) ;
3763 + ctxDst->slot = NULL ;
3764 + }
3765 + }
3766 +
3767 + if( ctxSrc->symkey != NULL ) {
3768 + if( ctxDst->symkey != NULL && ctxDst->symkey != ctxSrc->symkey ) {
3769 + PK11_FreeSymKey( ctxDst->symkey ) ;
3770 + ctxDst->symkey = NULL ;
3771 + }
3772 +
3773 + if( ctxDst->symkey == NULL && ctxSrc->symkey != NULL )
3774 + ctxDst->symkey = PK11_ReferenceSymKey( ctxSrc->symkey ) ;
3775 + } else {
3776 + if( ctxDst->symkey != NULL ) {
3777 + PK11_FreeSymKey( ctxDst->symkey ) ;
3778 + ctxDst->symkey = NULL ;
3779 + }
3780 + }
3781 +
3782 + return(0);
3783 }
3785 static void
3786 xmlSecNssSymKeyDataFinalize(xmlSecKeyDataPtr data) {
3787 + xmlSecNssSymKeyDataCtxPtr ctx;
3788 +
3789 xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
3790 -
3791 - xmlSecKeyDataBinaryValueFinalize(data);
3792 + xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize));
3793 +
3794 + ctx = xmlSecNssSymKeyDataGetCtx(data);
3795 + xmlSecAssert(ctx != NULL);
3796 +
3797 + if( ctx->slot != NULL ) {
3798 + PK11_FreeSlot( ctx->slot ) ;
3799 + ctx->slot = NULL ;
3800 + }
3801 +
3802 + if( ctx->symkey != NULL ) {
3803 + PK11_FreeSymKey( ctx->symkey ) ;
3804 + ctx->symkey = NULL ;
3805 + }
3806 +
3807 + ctx->cipher = CKM_INVALID_MECHANISM ;
3808 }
3810 static int
3811 xmlSecNssSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
3812 xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
3813 - xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
3814 + PK11SymKey* symKey ;
3815 + PK11SlotInfo* slot ;
3816 + xmlSecBufferPtr keyBuf;
3817 + xmlSecSize len;
3818 + xmlSecKeyDataPtr data;
3819 + xmlSecNssSymKeyDataCtxPtr ctx;
3820 + SECItem keyItem ;
3821 + int ret;
3822 +
3823 + xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
3824 + xmlSecAssert2(key != NULL, -1);
3825 + xmlSecAssert2(node != NULL, -1);
3826 + xmlSecAssert2(keyInfoCtx != NULL, -1);
3827 +
3828 + /* Create a new KeyData from a id */
3829 + data = xmlSecKeyDataCreate(id);
3830 + if(data == NULL ) {
3831 + xmlSecError(XMLSEC_ERRORS_HERE,
3832 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
3833 + "xmlSecKeyDataCreate",
3834 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
3835 + XMLSEC_ERRORS_NO_MESSAGE);
3836 + return(-1);
3837 + }
3838 +
3839 + ctx = xmlSecNssSymKeyDataGetCtx(data);
3840 + xmlSecAssert2(ctx != NULL, -1);
3841 +
3842 + /* Create a buffer for raw symmetric key value */
3843 + if( ( keyBuf = xmlSecBufferCreate( 128 ) ) == NULL ) {
3844 + xmlSecError( XMLSEC_ERRORS_HERE ,
3845 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
3846 + "xmlSecBufferCreate" ,
3847 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
3848 + XMLSEC_ERRORS_NO_MESSAGE ) ;
3849 + xmlSecKeyDataDestroy( data ) ;
3850 + return(-1) ;
3851 + }
3852 +
3853 + /* Read the raw key value */
3854 + if( xmlSecBufferBase64NodeContentRead( keyBuf , node ) < 0 ) {
3855 + xmlSecError( XMLSEC_ERRORS_HERE ,
3856 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
3857 + xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
3858 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
3859 + XMLSEC_ERRORS_NO_MESSAGE ) ;
3860 +
3861 + xmlSecBufferDestroy( keyBuf ) ;
3862 + xmlSecKeyDataDestroy( data ) ;
3863 + return(-1) ;
3864 + }
3865 +
3866 + /* Get slot */
3867 + slot = xmlSecNssSlotGet(ctx->cipher);
3868 + if( slot == NULL ) {
3869 + xmlSecError( XMLSEC_ERRORS_HERE ,
3870 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
3871 + "xmlSecNssSlotGet" ,
3872 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
3873 + XMLSEC_ERRORS_NO_MESSAGE ) ;
3874 +
3875 + xmlSecBufferDestroy( keyBuf ) ;
3876 + xmlSecKeyDataDestroy( data ) ;
3877 + return(-1) ;
3878 + }
3879 +
3880 + /* Wrap the raw key value SECItem */
3881 + keyItem.type = siBuffer ;
3882 + keyItem.data = xmlSecBufferGetData( keyBuf ) ;
3883 + keyItem.len = xmlSecBufferGetSize( keyBuf ) ;
3884 +
3885 + /* Import the raw key into slot temporalily and get the key handler*/
3886 + symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ;
3887 + if( symKey == NULL ) {
3888 + xmlSecError( XMLSEC_ERRORS_HERE ,
3889 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
3890 + "PK11_ImportSymKey" ,
3891 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
3892 + XMLSEC_ERRORS_NO_MESSAGE ) ;
3893 +
3894 + PK11_FreeSlot( slot ) ;
3895 + xmlSecBufferDestroy( keyBuf ) ;
3896 + xmlSecKeyDataDestroy( data ) ;
3897 + return(-1) ;
3898 + }
3899 + PK11_FreeSlot( slot ) ;
3900 +
3901 + /* raw key material has been copied into symKey, it isn't used any more */
3902 + xmlSecBufferDestroy( keyBuf ) ;
3903 +
3904 + /* Adopt the symmetric key into key data */
3905 + ret = xmlSecNssSymKeyDataAdoptKey(data, symKey);
3906 + if(ret < 0) {
3907 + xmlSecError(XMLSEC_ERRORS_HERE,
3908 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
3909 + "xmlSecKeyDataBinaryValueSetBuffer",
3910 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
3911 + XMLSEC_ERRORS_NO_MESSAGE);
3912 + PK11_FreeSymKey( symKey ) ;
3913 + xmlSecKeyDataDestroy( data ) ;
3914 + return(-1);
3915 + }
3916 + /* symKey has been duplicated into data, it isn't used any more */
3917 + PK11_FreeSymKey( symKey ) ;
3918 +
3919 + /* Check value */
3920 + if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) {
3921 + xmlSecError(XMLSEC_ERRORS_HERE,
3922 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
3923 + "xmlSecKeyReqMatchKeyValue",
3924 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
3925 + XMLSEC_ERRORS_NO_MESSAGE);
3926 + xmlSecKeyDataDestroy( data ) ;
3927 + return(0);
3928 + }
3930 - return(xmlSecKeyDataBinaryValueXmlRead(id, key, node, keyInfoCtx));
3931 + ret = xmlSecKeySetValue(key, data);
3932 + if(ret < 0) {
3933 + xmlSecError(XMLSEC_ERRORS_HERE,
3934 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
3935 + "xmlSecKeySetValue",
3936 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
3937 + XMLSEC_ERRORS_NO_MESSAGE);
3938 + xmlSecKeyDataDestroy( data ) ;
3939 + return(-1);
3940 + }
3941 +
3942 + return(0);
3943 }
3945 static int
3946 xmlSecNssSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
3947 xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
3948 + PK11SymKey* symKey ;
3949 +
3950 xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
3951 -
3952 - return(xmlSecKeyDataBinaryValueXmlWrite(id, key, node, keyInfoCtx));
3953 + xmlSecAssert2(key != NULL, -1);
3954 + xmlSecAssert2(node != NULL, -1);
3955 + xmlSecAssert2(keyInfoCtx != NULL, -1);
3956 +
3957 + /* Get symmetric key from "key" */
3958 + symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key));
3959 + if( symKey != NULL ) {
3960 + SECItem* keyItem ;
3961 + xmlSecBufferPtr keyBuf ;
3962 +
3963 + /* Extract raw key data from symmetric key */
3964 + if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) {
3965 + xmlSecError(XMLSEC_ERRORS_HERE,
3966 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
3967 + "PK11_ExtractKeyValue",
3968 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
3969 + XMLSEC_ERRORS_NO_MESSAGE);
3970 + PK11_FreeSymKey( symKey ) ;
3971 + return(-1);
3972 + }
3973 +
3974 + /* Get raw key data from "symKey" */
3975 + keyItem = PK11_GetKeyData( symKey ) ;
3976 + if(keyItem == NULL) {
3977 + xmlSecError(XMLSEC_ERRORS_HERE,
3978 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
3979 + "PK11_GetKeyData",
3980 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
3981 + XMLSEC_ERRORS_NO_MESSAGE);
3982 + PK11_FreeSymKey( symKey ) ;
3983 + return(-1);
3984 + }
3985 +
3986 + /* Create key data buffer with raw kwy material */
3987 + keyBuf = xmlSecBufferCreate(keyItem->len) ;
3988 + if(keyBuf == NULL) {
3989 + xmlSecError(XMLSEC_ERRORS_HERE,
3990 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
3991 + "xmlSecBufferCreate",
3992 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
3993 + XMLSEC_ERRORS_NO_MESSAGE);
3994 + PK11_FreeSymKey( symKey ) ;
3995 + return(-1);
3996 + }
3997 +
3998 + xmlSecBufferSetData( keyBuf , keyItem->data , keyItem->len ) ;
3999 +
4000 + /* Write raw key material into current xml node */
4001 + if( xmlSecBufferBase64NodeContentWrite( keyBuf, node, XMLSEC_BASE64_LINESIZE ) < 0 ) {
4002 + xmlSecError(XMLSEC_ERRORS_HERE,
4003 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
4004 + "xmlSecBufferBase64NodeContentWrite",
4005 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
4006 + XMLSEC_ERRORS_NO_MESSAGE);
4007 + xmlSecBufferDestroy(keyBuf);
4008 + PK11_FreeSymKey( symKey ) ;
4009 + return(-1);
4010 + }
4011 + xmlSecBufferDestroy(keyBuf);
4012 + PK11_FreeSymKey( symKey ) ;
4013 + }
4014 +
4015 + return 0 ;
4016 }
4018 static int
4019 xmlSecNssSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
4020 const xmlSecByte* buf, xmlSecSize bufSize,
4021 xmlSecKeyInfoCtxPtr keyInfoCtx) {
4022 - xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
4023 + PK11SymKey* symKey ;
4024 + PK11SlotInfo* slot ;
4025 + xmlSecKeyDataPtr data;
4026 + xmlSecNssSymKeyDataCtxPtr ctx;
4027 + SECItem keyItem ;
4028 + int ret;
4029 +
4030 + xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
4031 + xmlSecAssert2(key != NULL, -1);
4032 + xmlSecAssert2(buf != NULL, -1);
4033 + xmlSecAssert2(bufSize != 0, -1);
4034 + xmlSecAssert2(keyInfoCtx != NULL, -1);
4035 +
4036 + /* Create a new KeyData from a id */
4037 + data = xmlSecKeyDataCreate(id);
4038 + if(data == NULL ) {
4039 + xmlSecError(XMLSEC_ERRORS_HERE,
4040 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
4041 + "xmlSecKeyDataCreate",
4042 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
4043 + XMLSEC_ERRORS_NO_MESSAGE);
4044 + return(-1);
4045 + }
4046 +
4047 + ctx = xmlSecNssSymKeyDataGetCtx(data);
4048 + xmlSecAssert2(ctx != NULL, -1);
4049 +
4050 + /* Get slot */
4051 + slot = xmlSecNssSlotGet(ctx->cipher);
4052 + if( slot == NULL ) {
4053 + xmlSecError( XMLSEC_ERRORS_HERE ,
4054 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
4055 + "xmlSecNssSlotGet" ,
4056 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
4057 + XMLSEC_ERRORS_NO_MESSAGE ) ;
4058 + xmlSecKeyDataDestroy( data ) ;
4059 + return(-1) ;
4060 + }
4061 +
4062 + /* Wrap the raw key value SECItem */
4063 + keyItem.type = siBuffer ;
4064 + keyItem.data = buf ;
4065 + keyItem.len = bufSize ;
4066 +
4067 + /* Import the raw key into slot temporalily and get the key handler*/
4068 + symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ;
4069 + if( symKey == NULL ) {
4070 + xmlSecError( XMLSEC_ERRORS_HERE ,
4071 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
4072 + "PK11_ImportSymKey" ,
4073 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
4074 + XMLSEC_ERRORS_NO_MESSAGE ) ;
4075 + PK11_FreeSlot( slot ) ;
4076 + xmlSecKeyDataDestroy( data ) ;
4077 + return(-1) ;
4078 + }
4079 +
4080 + /* Adopt the symmetric key into key data */
4081 + ret = xmlSecNssSymKeyDataAdoptKey(data, symKey);
4082 + if(ret < 0) {
4083 + xmlSecError(XMLSEC_ERRORS_HERE,
4084 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
4085 + "xmlSecKeyDataBinaryValueSetBuffer",
4086 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
4087 + XMLSEC_ERRORS_NO_MESSAGE ) ;
4088 + PK11_FreeSymKey( symKey ) ;
4089 + PK11_FreeSlot( slot ) ;
4090 + xmlSecKeyDataDestroy( data ) ;
4091 + return(-1);
4092 + }
4093 + /* symKey has been duplicated into data, it isn't used any more */
4094 + PK11_FreeSymKey( symKey ) ;
4095 + PK11_FreeSlot( slot ) ;
4096 +
4097 + /* Check value */
4098 + if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) {
4099 + xmlSecError(XMLSEC_ERRORS_HERE,
4100 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
4101 + "xmlSecKeyReqMatchKeyValue",
4102 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
4103 + XMLSEC_ERRORS_NO_MESSAGE);
4104 + xmlSecKeyDataDestroy( data ) ;
4105 + return(0);
4106 + }
4108 - return(xmlSecKeyDataBinaryValueBinRead(id, key, buf, bufSize, keyInfoCtx));
4109 + ret = xmlSecKeySetValue(key, data);
4110 + if(ret < 0) {
4111 + xmlSecError(XMLSEC_ERRORS_HERE,
4112 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
4113 + "xmlSecKeySetValue",
4114 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
4115 + XMLSEC_ERRORS_NO_MESSAGE);
4116 + xmlSecKeyDataDestroy( data ) ;
4117 + return(-1);
4118 + }
4119 +
4120 + return(0);
4121 }
4123 static int
4124 xmlSecNssSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
4125 xmlSecByte** buf, xmlSecSize* bufSize,
4126 xmlSecKeyInfoCtxPtr keyInfoCtx) {
4127 + PK11SymKey* symKey ;
4128 +
4129 xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1);
4130 + xmlSecAssert2(key != NULL, -1);
4131 + xmlSecAssert2(buf != NULL, -1);
4132 + xmlSecAssert2(bufSize != 0, -1);
4133 + xmlSecAssert2(keyInfoCtx != NULL, -1);
4134 +
4135 + /* Get symmetric key from "key" */
4136 + symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key));
4137 + if( symKey != NULL ) {
4138 + SECItem* keyItem ;
4139 +
4140 + /* Extract raw key data from symmetric key */
4141 + if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) {
4142 + xmlSecError(XMLSEC_ERRORS_HERE,
4143 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
4144 + "PK11_ExtractKeyValue",
4145 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
4146 + XMLSEC_ERRORS_NO_MESSAGE);
4147 + PK11_FreeSymKey( symKey ) ;
4148 + return(-1);
4149 + }
4150 +
4151 + /* Get raw key data from "symKey" */
4152 + keyItem = PK11_GetKeyData( symKey ) ;
4153 + if(keyItem == NULL) {
4154 + xmlSecError(XMLSEC_ERRORS_HERE,
4155 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
4156 + "PK11_GetKeyData",
4157 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
4158 + XMLSEC_ERRORS_NO_MESSAGE);
4159 + PK11_FreeSymKey( symKey ) ;
4160 + return(-1);
4161 + }
4162 +
4163 + *bufSize = keyItem->len;
4164 + *buf = ( xmlSecByte* )xmlMalloc( *bufSize );
4165 + if( *buf == NULL ) {
4166 + xmlSecError(XMLSEC_ERRORS_HERE,
4167 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
4168 + NULL,
4169 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
4170 + XMLSEC_ERRORS_NO_MESSAGE);
4171 + PK11_FreeSymKey( symKey ) ;
4172 + return(-1);
4173 + }
4174 +
4175 + memcpy((*buf), keyItem->data, (*bufSize));
4176 + PK11_FreeSymKey( symKey ) ;
4177 + }
4179 - return(xmlSecKeyDataBinaryValueBinWrite(id, key, buf, bufSize, keyInfoCtx));
4180 + return 0 ;
4181 }
4183 static int
4184 xmlSecNssSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
4185 - xmlSecBufferPtr buffer;
4186 + PK11SymKey* symkey ;
4187 + PK11SlotInfo* slot ;
4188 + xmlSecNssSymKeyDataCtxPtr ctx;
4189 + int ret;
4191 xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1);
4192 xmlSecAssert2(sizeBits > 0, -1);
4194 - buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
4195 - xmlSecAssert2(buffer != NULL, -1);
4196 -
4197 - return(xmlSecNssGenerateRandom(buffer, (sizeBits + 7) / 8));
4198 + ctx = xmlSecNssSymKeyDataGetCtx(data);
4199 + xmlSecAssert2(ctx != NULL, -1);
4200 +
4201 + if( sizeBits % 8 != 0 ) {
4202 + xmlSecError(XMLSEC_ERRORS_HERE,
4203 + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
4204 + NULL,
4205 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
4206 + "Symmetric key size must be octuple");
4207 + return(-1);
4208 + }
4209 +
4210 + /* Get slot */
4211 + slot = xmlSecNssSlotGet(ctx->cipher);
4212 + if( slot == NULL ) {
4213 + xmlSecError( XMLSEC_ERRORS_HERE ,
4214 + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
4215 + "xmlSecNssSlotGet" ,
4216 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
4217 + XMLSEC_ERRORS_NO_MESSAGE ) ;
4218 + return(-1) ;
4219 + }
4220 +
4221 + if( PK11_Authenticate( slot, PR_FALSE , NULL ) != SECSuccess ) {
4222 + xmlSecError( XMLSEC_ERRORS_HERE ,
4223 + xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
4224 + "PK11_Authenticate" ,
4225 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
4226 + XMLSEC_ERRORS_NO_MESSAGE ) ;
4227 + PK11_FreeSlot( slot ) ;
4228 + return -1 ;
4229 + }
4230 +
4231 + symkey = PK11_KeyGen( slot , ctx->cipher , NULL , sizeBits/8 , NULL ) ;
4232 + if( symkey == NULL ) {
4233 + xmlSecError( XMLSEC_ERRORS_HERE ,
4234 + xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
4235 + "PK11_KeyGen" ,
4236 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
4237 + XMLSEC_ERRORS_NO_MESSAGE ) ;
4238 + PK11_FreeSlot( slot ) ;
4239 + return -1 ;
4240 + }
4241 +
4242 + if( ctx->slot != NULL ) {
4243 + PK11_FreeSlot( ctx->slot ) ;
4244 + ctx->slot = NULL ;
4245 + }
4246 + ctx->slot = slot ;
4247 +
4248 + if( ctx->symkey != NULL ) {
4249 + PK11_FreeSymKey( ctx->symkey ) ;
4250 + ctx->symkey = NULL ;
4251 + }
4252 + ctx->symkey = symkey ;
4253 +
4254 + return 0;
4255 }
4257 static xmlSecKeyDataType
4258 xmlSecNssSymKeyDataGetType(xmlSecKeyDataPtr data) {
4259 - xmlSecBufferPtr buffer;
4260 + xmlSecNssSymKeyDataCtxPtr context = NULL ;
4261 + xmlSecKeyDataType type = xmlSecKeyDataTypeUnknown ;
4263 xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown);
4264 + xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), xmlSecKeyDataTypeUnknown ) ;
4266 - buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
4267 - xmlSecAssert2(buffer != NULL, xmlSecKeyDataTypeUnknown);
4268 + context = xmlSecNssSymKeyDataGetCtx( data ) ;
4269 + if( context == NULL ) {
4270 + xmlSecError( XMLSEC_ERRORS_HERE ,
4271 + xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
4272 + "xmlSecNssSymKeyDataGetCtx" ,
4273 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
4274 + XMLSEC_ERRORS_NO_MESSAGE ) ;
4275 + return xmlSecKeyDataTypeUnknown ;
4276 + }
4278 - return((xmlSecBufferGetSize(buffer) > 0) ? xmlSecKeyDataTypeSymmetric : xmlSecKeyDataTypeUnknown);
4279 + if( context->symkey != NULL ) {
4280 + type |= xmlSecKeyDataTypeSymmetric ;
4281 + } else {
4282 + type |= xmlSecKeyDataTypeUnknown ;
4283 + }
4284 +
4285 + return type ;
4286 }
4288 static xmlSecSize
4289 xmlSecNssSymKeyDataGetSize(xmlSecKeyDataPtr data) {
4290 + xmlSecNssSymKeyDataCtxPtr context ;
4291 + unsigned int length = 0 ;
4292 +
4293 xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), 0);
4294 + xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), 0 ) ;
4295 + context = xmlSecNssSymKeyDataGetCtx( data ) ;
4296 + if( context == NULL ) {
4297 + xmlSecError( XMLSEC_ERRORS_HERE ,
4298 + xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
4299 + "xmlSecNssSymKeyDataGetCtx" ,
4300 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
4301 + XMLSEC_ERRORS_NO_MESSAGE ) ;
4302 + return 0 ;
4303 + }
4304 +
4305 + if( context->symkey != NULL ) {
4306 + length = PK11_GetKeyLength( context->symkey ) ;
4307 + length *= 8 ;
4308 + }
4310 - return(xmlSecKeyDataBinaryValueGetSize(data));
4311 + return length ;
4312 }
4314 static void
4315 xmlSecNssSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) {
4316 xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
4318 - xmlSecKeyDataBinaryValueDebugDump(data, output);
4319 + /* print only size, everything else is sensitive */
4320 + fprintf( output , "=== %s: size=%d\n" , data->id->dataNodeName ,
4321 + xmlSecKeyDataGetSize(data)) ;
4322 }
4324 static void
4325 xmlSecNssSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
4326 xmlSecAssert(xmlSecNssSymKeyDataCheckId(data));
4327 -
4328 - xmlSecKeyDataBinaryValueDebugXmlDump(data, output);
4329 +
4330 + /* print only size, everything else is sensitive */
4331 + fprintf( output , "<%s size=\"%d\" />\n" , data->id->dataNodeName ,
4332 + xmlSecKeyDataGetSize(data)) ;
4333 }
4335 static int
4336 @@ -201,7 +858,7 @@
4337 *************************************************************************/
4338 static xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = {
4339 sizeof(xmlSecKeyDataKlass),
4340 - xmlSecKeyDataBinarySize,
4341 + xmlSecNssSymKeyDataSize,
4343 /* data */
4344 xmlSecNameAESKeyValue,
4345 @@ -282,7 +939,7 @@
4346 *************************************************************************/
4347 static xmlSecKeyDataKlass xmlSecNssKeyDataDesKlass = {
4348 sizeof(xmlSecKeyDataKlass),
4349 - xmlSecKeyDataBinarySize,
4350 + xmlSecNssSymKeyDataSize,
4352 /* data */
4353 xmlSecNameDESKeyValue,
4354 @@ -364,7 +1021,7 @@
4355 *************************************************************************/
4356 static xmlSecKeyDataKlass xmlSecNssKeyDataHmacKlass = {
4357 sizeof(xmlSecKeyDataKlass),
4358 - xmlSecKeyDataBinarySize,
4359 + xmlSecNssSymKeyDataSize,
4361 /* data */
4362 xmlSecNameHMACKeyValue,
4363 --- misc/xmlsec1-1.2.14/src/nss/tokens.c 2009-09-21 14:07:19.249145861 +0200
4364 +++ misc/build/xmlsec1-1.2.14/src/nss/tokens.c 2009-09-21 14:02:48.556772442 +0200
4365 @@ -1 +1,548 @@
4366 -dummy
4367 +/**
4368 + * XMLSec library
4369 + *
4370 + * This is free software; see Copyright file in the source
4371 + * distribution for preciese wording.
4372 + *
4373 + * Copyright..................................
4374 + *
4375 + * Contributor(s): _____________________________
4376 + *
4377 + */
4378 +
4379 +/**
4380 + * In order to ensure that particular crypto operation is performed on
4381 + * particular crypto device, a subclass of xmlSecList is used to store slot and
4382 + * mechanism information.
4383 + *
4384 + * In the list, a slot is bound with a mechanism. If the mechanism is available,
4385 + * this mechanism only can perform on the slot; otherwise, it can perform on
4386 + * every eligibl slot in the list.
4387 + *
4388 + * When try to find a slot for a particular mechanism, the slot bound with
4389 + * avaliable mechanism will be looked up firstly.
4390 + */
4391 +#include "globals.h"
4392 +#include <string.h>
4393 +
4394 +#include <xmlsec/xmlsec.h>
4395 +#include <xmlsec/errors.h>
4396 +#include <xmlsec/list.h>
4397 +
4398 +#include <xmlsec/nss/tokens.h>
4399 +
4400 +int
4401 +xmlSecNssKeySlotSetMechList(
4402 + xmlSecNssKeySlotPtr keySlot ,
4403 + CK_MECHANISM_TYPE_PTR mechanismList
4404 +) {
4405 + int counter ;
4406 +
4407 + xmlSecAssert2( keySlot != NULL , -1 ) ;
4408 +
4409 + if( keySlot->mechanismList != CK_NULL_PTR ) {
4410 + xmlFree( keySlot->mechanismList ) ;
4411 +
4412 + for( counter = 0 ; *( mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
4413 + keySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
4414 + if( keySlot->mechanismList == NULL ) {
4415 + xmlSecError( XMLSEC_ERRORS_HERE ,
4416 + NULL ,
4417 + NULL ,
4418 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
4419 + XMLSEC_ERRORS_NO_MESSAGE ) ;
4420 + return( -1 );
4421 + }
4422 + for( ; counter >= 0 ; counter -- )
4423 + *( keySlot->mechanismList + counter ) = *( mechanismList + counter ) ;
4424 + }
4425 +
4426 + return( 0 );
4427 +}
4428 +
4429 +int
4430 +xmlSecNssKeySlotEnableMech(
4431 + xmlSecNssKeySlotPtr keySlot ,
4432 + CK_MECHANISM_TYPE mechanism
4433 +) {
4434 + int counter ;
4435 + CK_MECHANISM_TYPE_PTR newList ;
4436 +
4437 + xmlSecAssert2( keySlot != NULL , -1 ) ;
4438 +
4439 + if( mechanism != CKM_INVALID_MECHANISM ) {
4440 + for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
4441 + newList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
4442 + if( newList == NULL ) {
4443 + xmlSecError( XMLSEC_ERRORS_HERE ,
4444 + NULL ,
4445 + NULL ,
4446 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
4447 + XMLSEC_ERRORS_NO_MESSAGE ) ;
4448 + return( -1 );
4449 + }
4450 + *( newList + counter + 1 ) = CKM_INVALID_MECHANISM ;
4451 + *( newList + counter ) = mechanism ;
4452 + for( counter -= 1 ; counter >= 0 ; counter -- )
4453 + *( newList + counter ) = *( keySlot->mechanismList + counter ) ;
4454 +
4455 + xmlFree( keySlot->mechanismList ) ;
4456 + keySlot->mechanismList = newList ;
4457 + }
4458 +
4459 + return(0);
4460 +}
4461 +
4462 +int
4463 +xmlSecNssKeySlotDisableMech(
4464 + xmlSecNssKeySlotPtr keySlot ,
4465 + CK_MECHANISM_TYPE mechanism
4466 +) {
4467 + int counter ;
4468 +
4469 + xmlSecAssert2( keySlot != NULL , -1 ) ;
4470 +
4471 + for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
4472 + if( *( keySlot->mechanismList + counter ) == mechanism ) {
4473 + for( ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
4474 + *( keySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter + 1 ) ;
4475 + }
4476 +
4477 + break ;
4478 + }
4479 + }
4480 +
4481 + return(0);
4482 +}
4483 +
4484 +CK_MECHANISM_TYPE_PTR
4485 +xmlSecNssKeySlotGetMechList(
4486 + xmlSecNssKeySlotPtr keySlot
4487 +) {
4488 + if( keySlot != NULL )
4489 + return keySlot->mechanismList ;
4490 + else
4491 + return NULL ;
4492 +}
4493 +
4494 +int
4495 +xmlSecNssKeySlotSetSlot(
4496 + xmlSecNssKeySlotPtr keySlot ,
4497 + PK11SlotInfo* slot
4498 +) {
4499 + xmlSecAssert2( keySlot != NULL , -1 ) ;
4500 +
4501 + if( slot != NULL && keySlot->slot != slot ) {
4502 + if( keySlot->slot != NULL )
4503 + PK11_FreeSlot( keySlot->slot ) ;
4504 +
4505 + if( keySlot->mechanismList != NULL ) {
4506 + xmlFree( keySlot->mechanismList ) ;
4507 + keySlot->mechanismList = NULL ;
4508 + }
4509 +
4510 + keySlot->slot = PK11_ReferenceSlot( slot ) ;
4511 + }
4512 +
4513 + return(0);
4514 +}
4515 +
4516 +int
4517 +xmlSecNssKeySlotInitialize(
4518 + xmlSecNssKeySlotPtr keySlot ,
4519 + PK11SlotInfo* slot
4520 +) {
4521 + xmlSecAssert2( keySlot != NULL , -1 ) ;
4522 + xmlSecAssert2( keySlot->slot == NULL , -1 ) ;
4523 + xmlSecAssert2( keySlot->mechanismList == NULL , -1 ) ;
4524 +
4525 + if( slot != NULL ) {
4526 + keySlot->slot = PK11_ReferenceSlot( slot ) ;
4527 + }
4528 +
4529 + return(0);
4530 +}
4531 +
4532 +void
4533 +xmlSecNssKeySlotFinalize(
4534 + xmlSecNssKeySlotPtr keySlot
4535 +) {
4536 + xmlSecAssert( keySlot != NULL ) ;
4537 +
4538 + if( keySlot->mechanismList != NULL ) {
4539 + xmlFree( keySlot->mechanismList ) ;
4540 + keySlot->mechanismList = NULL ;
4541 + }
4542 +
4543 + if( keySlot->slot != NULL ) {
4544 + PK11_FreeSlot( keySlot->slot ) ;
4545 + keySlot->slot = NULL ;
4546 + }
4547 +
4548 +}
4549 +
4550 +PK11SlotInfo*
4551 +xmlSecNssKeySlotGetSlot(
4552 + xmlSecNssKeySlotPtr keySlot
4553 +) {
4554 + if( keySlot != NULL )
4555 + return keySlot->slot ;
4556 + else
4557 + return NULL ;
4558 +}
4559 +
4560 +xmlSecNssKeySlotPtr
4561 +xmlSecNssKeySlotCreate() {
4562 + xmlSecNssKeySlotPtr keySlot ;
4563 +
4564 + /* Allocates a new xmlSecNssKeySlot and fill the fields */
4565 + keySlot = ( xmlSecNssKeySlotPtr )xmlMalloc( sizeof( xmlSecNssKeySlot ) ) ;
4566 + if( keySlot == NULL ) {
4567 + xmlSecError( XMLSEC_ERRORS_HERE ,
4568 + NULL ,
4569 + NULL ,
4570 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
4571 + XMLSEC_ERRORS_NO_MESSAGE ) ;
4572 + return( NULL );
4573 + }
4574 + memset( keySlot, 0, sizeof( xmlSecNssKeySlot ) ) ;
4575 +
4576 + return( keySlot ) ;
4577 +}
4578 +
4579 +int
4580 +xmlSecNssKeySlotCopy(
4581 + xmlSecNssKeySlotPtr newKeySlot ,
4582 + xmlSecNssKeySlotPtr keySlot
4583 +) {
4584 + CK_MECHANISM_TYPE_PTR mech ;
4585 + int counter ;
4586 +
4587 + xmlSecAssert2( newKeySlot != NULL , -1 ) ;
4588 + xmlSecAssert2( keySlot != NULL , -1 ) ;
4589 +
4590 + if( keySlot->slot != NULL && newKeySlot->slot != keySlot->slot ) {
4591 + if( newKeySlot->slot != NULL )
4592 + PK11_FreeSlot( newKeySlot->slot ) ;
4593 +
4594 + newKeySlot->slot = PK11_ReferenceSlot( keySlot->slot ) ;
4595 + }
4596 +
4597 + if( keySlot->mechanismList != CK_NULL_PTR ) {
4598 + xmlFree( newKeySlot->mechanismList ) ;
4599 +
4600 + for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
4601 + newKeySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
4602 + if( newKeySlot->mechanismList == NULL ) {
4603 + xmlSecError( XMLSEC_ERRORS_HERE ,
4604 + NULL ,
4605 + NULL ,
4606 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
4607 + XMLSEC_ERRORS_NO_MESSAGE ) ;
4608 + return( -1 );
4609 + }
4610 + for( ; counter >= 0 ; counter -- )
4611 + *( newKeySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter ) ;
4612 + }
4613 +
4614 + return( 0 );
4615 +}
4616 +
4617 +xmlSecNssKeySlotPtr
4618 +xmlSecNssKeySlotDuplicate(
4619 + xmlSecNssKeySlotPtr keySlot
4620 +) {
4621 + xmlSecNssKeySlotPtr newKeySlot ;
4622 + int ret ;
4623 +
4624 + xmlSecAssert2( keySlot != NULL , NULL ) ;
4625 +
4626 + newKeySlot = xmlSecNssKeySlotCreate() ;
4627 + if( newKeySlot == NULL ) {
4628 + xmlSecError( XMLSEC_ERRORS_HERE ,
4629 + NULL ,
4630 + NULL ,
4631 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
4632 + XMLSEC_ERRORS_NO_MESSAGE ) ;
4633 + return( NULL );
4634 + }
4635 +
4636 + if( xmlSecNssKeySlotCopy( newKeySlot, keySlot ) < 0 ) {
4637 + xmlSecError( XMLSEC_ERRORS_HERE ,
4638 + NULL ,
4639 + NULL ,
4640 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
4641 + XMLSEC_ERRORS_NO_MESSAGE ) ;
4642 + return( NULL );
4643 + }
4644 +
4645 + return( newKeySlot );
4646 +}
4647 +
4648 +void
4649 +xmlSecNssKeySlotDestroy(
4650 + xmlSecNssKeySlotPtr keySlot
4651 +) {
4652 + xmlSecAssert( keySlot != NULL ) ;
4653 +
4654 + if( keySlot->mechanismList != NULL )
4655 + xmlFree( keySlot->mechanismList ) ;
4656 +
4657 + if( keySlot->slot != NULL )
4658 + PK11_FreeSlot( keySlot->slot ) ;
4659 +
4660 + xmlFree( keySlot ) ;
4661 +}
4662 +
4663 +int
4664 +xmlSecNssKeySlotBindMech(
4665 + xmlSecNssKeySlotPtr keySlot ,
4666 + CK_MECHANISM_TYPE type
4667 +) {
4668 + int counter ;
4669 +
4670 + xmlSecAssert2( keySlot != NULL , 0 ) ;
4671 + xmlSecAssert2( keySlot->slot != NULL , 0 ) ;
4672 + xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ;
4673 +
4674 + for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
4675 + if( *( keySlot->mechanismList + counter ) == type )
4676 + return(1) ;
4677 + }
4678 +
4679 + return( 0 ) ;
4680 +}
4681 +
4682 +int
4683 +xmlSecNssKeySlotSupportMech(
4684 + xmlSecNssKeySlotPtr keySlot ,
4685 + CK_MECHANISM_TYPE type
4686 +) {
4687 + xmlSecAssert2( keySlot != NULL , 0 ) ;
4688 + xmlSecAssert2( keySlot->slot != NULL , 0 ) ;
4689 + xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ;
4690 +
4691 + if( PK11_DoesMechanism( keySlot->slot , type ) == PR_TRUE ) {
4692 + return(1);
4693 + } else
4694 + return(0);
4695 +}
4696 +
4697 +void
4698 +xmlSecNssKeySlotDebugDump(
4699 + xmlSecNssKeySlotPtr keySlot ,
4700 + FILE* output
4701 +) {
4702 + xmlSecAssert( keySlot != NULL ) ;
4703 + xmlSecAssert( output != NULL ) ;
4704 +
4705 + fprintf( output, "== KEY SLOT\n" );
4706 +}
4707 +
4708 +void
4709 +xmlSecNssKeySlotDebugXmlDump(
4710 + xmlSecNssKeySlotPtr keySlot ,
4711 + FILE* output
4712 +) {
4713 +}
4714 +
4715 +/**
4716 + * Key Slot List
4717 + */
4718 +#ifdef __MINGW32__ // for runtime-pseudo-reloc
4719 +static struct _xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = {
4720 +#else
4721 +static xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = {
4722 +#endif
4723 + BAD_CAST "mechanism-list",
4724 + (xmlSecPtrDuplicateItemMethod)xmlSecNssKeySlotDuplicate,
4725 + (xmlSecPtrDestroyItemMethod)xmlSecNssKeySlotDestroy,
4726 + (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugDump,
4727 + (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugXmlDump,
4728 +};
4729 +
4730 +xmlSecPtrListId
4731 +xmlSecNssKeySlotListGetKlass(void) {
4732 + return(&xmlSecNssKeySlotPtrListKlass);
4733 +}
4734 +
4735 +
4736 +/*-
4737 + * Global PKCS#11 crypto token repository -- Key slot list
4738 + */
4739 +static xmlSecPtrListPtr _xmlSecNssKeySlotList = NULL ;
4740 +
4741 +PK11SlotInfo*
4742 +xmlSecNssSlotGet(
4743 + CK_MECHANISM_TYPE type
4744 +) {
4745 + PK11SlotInfo* slot = NULL ;
4746 + xmlSecNssKeySlotPtr keySlot ;
4747 + xmlSecSize ksSize ;
4748 + xmlSecSize ksPos ;
4749 + char flag ;
4750 +
4751 + if( _xmlSecNssKeySlotList == NULL ) {
4752 + slot = PK11_GetBestSlot( type , NULL ) ;
4753 + } else {
4754 + ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ;
4755 +
4756 + /*-
4757 + * Firstly, checking whether the mechanism is bound with a special slot.
4758 + * If no bound slot, we try to find the first eligible slot in the list.
4759 + */
4760 + for( flag = 0, ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) {
4761 + keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ;
4762 + if( keySlot != NULL && xmlSecNssKeySlotBindMech( keySlot, type ) ) {
4763 + slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
4764 + flag = 2 ;
4765 + } else if( flag == 0 && xmlSecNssKeySlotSupportMech( keySlot, type ) ) {
4766 + slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
4767 + flag = 1 ;
4768 + }
4769 +
4770 + if( flag == 2 )
4771 + break ;
4772 + }
4773 + if( slot != NULL )
4774 + slot = PK11_ReferenceSlot( slot ) ;
4775 + }
4776 +
4777 + if( slot != NULL && PK11_NeedLogin( slot ) ) {
4778 + if( PK11_Authenticate( slot , PR_TRUE , NULL ) != SECSuccess ) {
4779 + xmlSecError( XMLSEC_ERRORS_HERE ,
4780 + NULL ,
4781 + NULL ,
4782 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
4783 + XMLSEC_ERRORS_NO_MESSAGE ) ;
4784 + PK11_FreeSlot( slot ) ;
4785 + return( NULL );
4786 + }
4787 + }
4788 +
4789 + return slot ;
4790 +}
4791 +
4792 +int
4793 +xmlSecNssSlotInitialize(
4794 + void
4795 +) {
4796 + if( _xmlSecNssKeySlotList != NULL ) {
4797 + xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ;
4798 + _xmlSecNssKeySlotList = NULL ;
4799 + }
4800 +
4801 + _xmlSecNssKeySlotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ;
4802 + if( _xmlSecNssKeySlotList == NULL ) {
4803 + xmlSecError( XMLSEC_ERRORS_HERE ,
4804 + NULL ,
4805 + NULL ,
4806 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
4807 + XMLSEC_ERRORS_NO_MESSAGE ) ;
4808 + return( -1 );
4809 + }
4810 +
4811 + return(0);
4812 +}
4813 +
4814 +void
4815 +xmlSecNssSlotShutdown(
4816 + void
4817 +) {
4818 + if( _xmlSecNssKeySlotList != NULL ) {
4819 + xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ;
4820 + _xmlSecNssKeySlotList = NULL ;
4821 + }
4822 +}
4823 +
4824 +int
4825 +xmlSecNssSlotAdopt(
4826 + PK11SlotInfo* slot,
4827 + CK_MECHANISM_TYPE type
4828 +) {
4829 + xmlSecNssKeySlotPtr keySlot ;
4830 + xmlSecSize ksSize ;
4831 + xmlSecSize ksPos ;
4832 + char flag ;
4833 +
4834 + xmlSecAssert2( _xmlSecNssKeySlotList != NULL, -1 ) ;
4835 + xmlSecAssert2( slot != NULL, -1 ) ;
4836 +
4837 + ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ;
4838 +
4839 + /*-
4840 + * Firstly, checking whether the slot is in the repository already.
4841 + */
4842 + flag = 0 ;
4843 + for( ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) {
4844 + keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ;
4845 + /* If find the slot in the list */
4846 + if( keySlot != NULL && xmlSecNssKeySlotGetSlot( keySlot ) == slot ) {
4847 + /* If mechnism type is valid, bind the slot with the mechanism */
4848 + if( type != CKM_INVALID_MECHANISM ) {
4849 + if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) {
4850 + xmlSecError( XMLSEC_ERRORS_HERE ,
4851 + NULL ,
4852 + NULL ,
4853 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
4854 + XMLSEC_ERRORS_NO_MESSAGE ) ;
4855 + return(-1);
4856 + }
4857 + }
4858 +
4859 + flag = 1 ;
4860 + }
4861 + }
4862 +
4863 + /* If the slot do not in the list, add a new item to the list */
4864 + if( flag == 0 ) {
4865 + /* Create a new KeySlot */
4866 + keySlot = xmlSecNssKeySlotCreate() ;
4867 + if( keySlot == NULL ) {
4868 + xmlSecError( XMLSEC_ERRORS_HERE ,
4869 + NULL ,
4870 + NULL ,
4871 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
4872 + XMLSEC_ERRORS_NO_MESSAGE ) ;
4873 + return(-1);
4874 + }
4875 +
4876 + /* Initialize the keySlot with a slot */
4877 + if( xmlSecNssKeySlotInitialize( keySlot, slot ) < 0 ) {
4878 + xmlSecError( XMLSEC_ERRORS_HERE ,
4879 + NULL ,
4880 + NULL ,
4881 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
4882 + XMLSEC_ERRORS_NO_MESSAGE ) ;
4883 + xmlSecNssKeySlotDestroy( keySlot ) ;
4884 + return(-1);
4885 + }
4886 +
4887 + /* If mechnism type is valid, bind the slot with the mechanism */
4888 + if( type != CKM_INVALID_MECHANISM ) {
4889 + if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) {
4890 + xmlSecError( XMLSEC_ERRORS_HERE ,
4891 + NULL ,
4892 + NULL ,
4893 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
4894 + XMLSEC_ERRORS_NO_MESSAGE ) ;
4895 + xmlSecNssKeySlotDestroy( keySlot ) ;
4896 + return(-1);
4897 + }
4898 + }
4899 +
4900 + /* Add keySlot into the list */
4901 + if( xmlSecPtrListAdd( _xmlSecNssKeySlotList, keySlot ) < 0 ) {
4902 + xmlSecError( XMLSEC_ERRORS_HERE ,
4903 + NULL ,
4904 + NULL ,
4905 + XMLSEC_ERRORS_R_XMLSEC_FAILED ,
4906 + XMLSEC_ERRORS_NO_MESSAGE ) ;
4907 + xmlSecNssKeySlotDestroy( keySlot ) ;
4908 + return(-1);
4909 + }
4910 + }
4911 +
4912 + return(0);
4913 +}
4914 +
4915 --- misc/xmlsec1-1.2.14/src/nss/x509.c 2009-06-25 22:53:18.000000000 +0200
4916 +++ misc/build/xmlsec1-1.2.14/src/nss/x509.c 2009-09-21 14:02:48.642312431 +0200
4917 @@ -34,7 +34,6 @@
4918 #include <xmlsec/keys.h>
4919 #include <xmlsec/keyinfo.h>
4920 #include <xmlsec/keysmngr.h>
4921 -#include <xmlsec/x509.h>
4922 #include <xmlsec/base64.h>
4923 #include <xmlsec/errors.h>
4925 @@ -61,33 +60,18 @@
4926 static int xmlSecNssX509CertificateNodeRead (xmlSecKeyDataPtr data,
4927 xmlNodePtr node,
4928 xmlSecKeyInfoCtxPtr keyInfoCtx);
4929 -static int xmlSecNssX509CertificateNodeWrite (CERTCertificate* cert,
4930 - xmlNodePtr node,
4931 - xmlSecKeyInfoCtxPtr keyInfoCtx);
4932 static int xmlSecNssX509SubjectNameNodeRead (xmlSecKeyDataPtr data,
4933 xmlNodePtr node,
4934 xmlSecKeyInfoCtxPtr keyInfoCtx);
4935 -static int xmlSecNssX509SubjectNameNodeWrite (CERTCertificate* cert,
4936 - xmlNodePtr node,
4937 - xmlSecKeyInfoCtxPtr keyInfoCtx);
4938 static int xmlSecNssX509IssuerSerialNodeRead (xmlSecKeyDataPtr data,
4939 xmlNodePtr node,
4940 xmlSecKeyInfoCtxPtr keyInfoCtx);
4941 -static int xmlSecNssX509IssuerSerialNodeWrite (CERTCertificate* cert,
4942 - xmlNodePtr node,
4943 - xmlSecKeyInfoCtxPtr keyInfoCtx);
4944 static int xmlSecNssX509SKINodeRead (xmlSecKeyDataPtr data,
4945 xmlNodePtr node,
4946 xmlSecKeyInfoCtxPtr keyInfoCtx);
4947 -static int xmlSecNssX509SKINodeWrite (CERTCertificate* cert,
4948 - xmlNodePtr node,
4949 - xmlSecKeyInfoCtxPtr keyInfoCtx);
4950 static int xmlSecNssX509CRLNodeRead (xmlSecKeyDataPtr data,
4951 xmlNodePtr node,
4952 xmlSecKeyInfoCtxPtr keyInfoCtx);
4953 -static int xmlSecNssX509CRLNodeWrite (CERTSignedCrl* crl,
4954 - xmlNodePtr node,
4955 - xmlSecKeyInfoCtxPtr keyInfoCtx);
4956 static int xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data,
4957 xmlSecKeyPtr key,
4958 xmlSecKeyInfoCtxPtr keyInfoCtx);
4959 @@ -104,9 +88,6 @@
4960 xmlSecKeyInfoCtxPtr keyInfoCtx);
4961 static xmlChar* xmlSecNssX509CrlBase64DerWrite (CERTSignedCrl* crl,
4962 int base64LineWrap);
4963 -static xmlChar* xmlSecNssX509NameWrite (CERTName* nm);
4964 -static xmlChar* xmlSecNssASN1IntegerWrite (SECItem *num);
4965 -static xmlChar* xmlSecNssX509SKIWrite (CERTCertificate* cert);
4966 static void xmlSecNssX509CertDebugDump (CERTCertificate* cert,
4967 FILE* output);
4968 static void xmlSecNssX509CertDebugXmlDump (CERTCertificate* cert,
4969 @@ -752,31 +733,22 @@
4970 xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
4971 xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
4972 xmlSecKeyDataPtr data;
4973 + xmlNodePtr cur;
4974 + xmlChar* buf;
4975 CERTCertificate* cert;
4976 CERTSignedCrl* crl;
4977 xmlSecSize size, pos;
4978 - int content = 0;
4979 - int ret;
4981 xmlSecAssert2(id == xmlSecNssKeyDataX509Id, -1);
4982 xmlSecAssert2(key != NULL, -1);
4983 xmlSecAssert2(node != NULL, -1);
4984 xmlSecAssert2(keyInfoCtx != NULL, -1);
4986 - content = xmlSecX509DataGetNodeContent (node, 1, keyInfoCtx);
4987 - if (content < 0) {
4988 - xmlSecError(XMLSEC_ERRORS_HERE,
4989 - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
4990 - "xmlSecX509DataGetNodeContent",
4991 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
4992 - "content=%d", content);
4993 - return(-1);
4994 - } else if(content == 0) {
4995 - /* by default we are writing certificates and crls */
4996 - content = XMLSEC_X509DATA_DEFAULT;
4997 + /* todo: flag in ctx remove all existing content */
4998 + if(0) {
4999 + xmlNodeSetContent(node, NULL);
5000 }
5002 - /* get x509 data */
5003 data = xmlSecKeyGetData(key, id);
5004 if(data == NULL) {
5005 /* no x509 data in the key */
5006 @@ -796,79 +768,74 @@
5007 return(-1);
5008 }
5010 - if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) {
5011 - ret = xmlSecNssX509CertificateNodeWrite(cert, node, keyInfoCtx);
5012 - if(ret < 0) {
5013 + /* set base64 lines size from context */
5014 + buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize);
5015 + if(buf == NULL) {
5016 xmlSecError(XMLSEC_ERRORS_HERE,
5017 xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
5018 - "xmlSecNssX509CertificateNodeWrite",
5019 + "xmlSecNssX509CertBase64DerWrite",
5020 XMLSEC_ERRORS_R_XMLSEC_FAILED,
5021 - "pos=%d", pos);
5022 + XMLSEC_ERRORS_NO_MESSAGE);
5023 return(-1);
5024 - }
5025 }
5027 - if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) {
5028 - ret = xmlSecNssX509SubjectNameNodeWrite(cert, node, keyInfoCtx);
5029 - if(ret < 0) {
5030 + cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs);
5031 + if(cur == NULL) {
5032 xmlSecError(XMLSEC_ERRORS_HERE,
5033 xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
5034 - "xmlSecNssX509SubjectNameNodeWrite",
5035 + "xmlSecAddChild",
5036 XMLSEC_ERRORS_R_XMLSEC_FAILED,
5037 - "pos=%d", pos);
5038 + "node=%s",
5039 + xmlSecErrorsSafeString(xmlSecNodeX509Certificate));
5040 + xmlFree(buf);
5041 return(-1);
5042 - }
5043 }
5044 + /* todo: add \n around base64 data - from context */
5045 + /* todo: add errors check */
5046 + xmlNodeSetContent(cur, xmlSecStringCR);
5047 + xmlNodeSetContent(cur, buf);
5048 + xmlFree(buf);
5049 + }
5051 - if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) {
5052 - ret = xmlSecNssX509IssuerSerialNodeWrite(cert, node, keyInfoCtx);
5053 - if(ret < 0) {
5054 - xmlSecError(XMLSEC_ERRORS_HERE,
5055 - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
5056 - "xmlSecNssX509IssuerSerialNodeWrite",
5057 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
5058 - "pos=%d", pos);
5059 - return(-1);
5060 - }
5061 + /* write crls */
5062 + size = xmlSecNssKeyDataX509GetCrlsSize(data);
5063 + for(pos = 0; pos < size; ++pos) {
5064 + crl = xmlSecNssKeyDataX509GetCrl(data, pos);
5065 + if(crl == NULL) {
5066 + xmlSecError(XMLSEC_ERRORS_HERE,
5067 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
5068 + "xmlSecNssKeyDataX509GetCrl",
5069 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
5070 + "pos=%d", pos);
5071 + return(-1);
5072 }
5074 - if((content & XMLSEC_X509DATA_SKI_NODE) != 0) {
5075 - ret = xmlSecNssX509SKINodeWrite(cert, node, keyInfoCtx);
5076 - if(ret < 0) {
5077 - xmlSecError(XMLSEC_ERRORS_HERE,
5078 - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
5079 - "xmlSecNssX509SKINodeWrite",
5080 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
5081 - "pos=%d", pos);
5082 - return(-1);
5083 - }
5084 + /* set base64 lines size from context */
5085 + buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize);
5086 + if(buf == NULL) {
5087 + xmlSecError(XMLSEC_ERRORS_HERE,
5088 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
5089 + "xmlSecNssX509CrlBase64DerWrite",
5090 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
5091 + XMLSEC_ERRORS_NO_MESSAGE);
5092 + return(-1);
5093 }
5094 - }
5096 - /* write crls if needed */
5097 - if((content & XMLSEC_X509DATA_CRL_NODE) != 0) {
5098 - size = xmlSecNssKeyDataX509GetCrlsSize(data);
5099 - for(pos = 0; pos < size; ++pos) {
5100 - crl = xmlSecNssKeyDataX509GetCrl(data, pos);
5101 - if(crl == NULL) {
5102 - xmlSecError(XMLSEC_ERRORS_HERE,
5103 - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
5104 - "xmlSecNssKeyDataX509GetCrl",
5105 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
5106 - "pos=%d", pos);
5107 - return(-1);
5108 - }
5109 -
5110 - ret = xmlSecNssX509CRLNodeWrite(crl, node, keyInfoCtx);
5111 - if(ret < 0) {
5112 - xmlSecError(XMLSEC_ERRORS_HERE,
5113 - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
5114 - "xmlSecNssX509CRLNodeWrite",
5115 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
5116 - "pos=%d", pos);
5117 - return(-1);
5118 - }
5119 - }
5120 + cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs);
5121 + if(cur == NULL) {
5122 + xmlSecError(XMLSEC_ERRORS_HERE,
5123 + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
5124 + "xmlSecAddChild",
5125 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
5126 + "new_node=%s",
5127 + xmlSecErrorsSafeString(xmlSecNodeX509CRL));
5128 + xmlFree(buf);
5129 + return(-1);
5130 + }
5131 + /* todo: add \n around base64 data - from context */
5132 + /* todo: add errors check */
5133 + xmlNodeSetContent(cur, xmlSecStringCR);
5134 + xmlNodeSetContent(cur, buf);
5135 }
5137 return(0);
5138 @@ -1057,46 +1024,6 @@
5139 return(0);
5140 }
5142 -static int
5143 -xmlSecNssX509CertificateNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
5144 - xmlChar* buf;
5145 - xmlNodePtr cur;
5146 -
5147 - xmlSecAssert2(cert != NULL, -1);
5148 - xmlSecAssert2(node != NULL, -1);
5149 - xmlSecAssert2(keyInfoCtx != NULL, -1);
5150 -
5151 - /* set base64 lines size from context */
5152 - buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize);
5153 - if(buf == NULL) {
5154 - xmlSecError(XMLSEC_ERRORS_HERE,
5155 - NULL,
5156 - "xmlSecNssX509CertBase64DerWrite",
5157 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
5158 - XMLSEC_ERRORS_NO_MESSAGE);
5159 - return(-1);
5160 - }
5161 -
5162 - cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs);
5163 - if(cur == NULL) {
5164 - xmlSecError(XMLSEC_ERRORS_HERE,
5165 - NULL,
5166 - "xmlSecAddChild",
5167 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
5168 - "node=%s",
5169 - xmlSecErrorsSafeString(xmlSecNodeX509Certificate));
5170 - xmlFree(buf);
5171 - return(-1);
5172 - }
5173 -
5174 - /* todo: add \n around base64 data - from context */
5175 - /* todo: add errors check */
5176 - xmlNodeSetContent(cur, xmlSecStringCR);
5177 - xmlNodeSetContent(cur, buf);
5178 - xmlFree(buf);
5179 - return(0);
5180 -}
5181 -
5182 static int
5183 xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
5184 xmlSecKeyDataStorePtr x509Store;
5185 @@ -1120,19 +1047,13 @@
5186 }
5188 subject = xmlNodeGetContent(node);
5189 - if((subject == NULL) || (xmlSecIsEmptyString(subject) == 1)) {
5190 - if(subject != NULL) {
5191 - xmlFree(subject);
5192 - }
5193 - if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
5194 + if(subject == NULL) {
5195 xmlSecError(XMLSEC_ERRORS_HERE,
5196 xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
5197 xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
5198 XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
5199 XMLSEC_ERRORS_NO_MESSAGE);
5200 return(-1);
5201 - }
5202 - return(0);
5203 }
5205 cert = xmlSecNssX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx);
5206 @@ -1169,40 +1090,6 @@
5207 return(0);
5208 }
5210 -static int
5211 -xmlSecNssX509SubjectNameNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
5212 - xmlChar* buf = NULL;
5213 - xmlNodePtr cur = NULL;
5214 -
5215 - xmlSecAssert2(cert != NULL, -1);
5216 - xmlSecAssert2(node != NULL, -1);
5217 -
5218 - buf = xmlSecNssX509NameWrite(&(cert->subject));
5219 - if(buf == NULL) {
5220 - xmlSecError(XMLSEC_ERRORS_HERE,
5221 - NULL,
5222 - "xmlSecNssX509NameWrite(&(cert->subject))",
5223 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
5224 - XMLSEC_ERRORS_NO_MESSAGE);
5225 - return(-1);
5226 - }
5227 -
5228 - cur = xmlSecAddChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs);
5229 - if(cur == NULL) {
5230 - xmlSecError(XMLSEC_ERRORS_HERE,
5231 - NULL,
5232 - "xmlSecAddChild",
5233 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
5234 - "node=%s",
5235 - xmlSecErrorsSafeString(xmlSecNodeX509SubjectName));
5236 - xmlFree(buf);
5237 - return(-1);
5238 - }
5239 - xmlSecNodeEncodeAndSetContent(cur, buf);
5240 - xmlFree(buf);
5241 - return(0);
5242 -}
5243 -
5244 static int
5245 xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
5246 xmlSecKeyDataStorePtr x509Store;
5247 @@ -1228,21 +1115,9 @@
5248 }
5250 cur = xmlSecGetNextElementNode(node->children);
5251 - if(cur == NULL) {
5252 - if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
5253 - xmlSecError(XMLSEC_ERRORS_HERE,
5254 - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
5255 - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
5256 - XMLSEC_ERRORS_R_NODE_NOT_FOUND,
5257 - "node=%s",
5258 - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
5259 - return(-1);
5260 - }
5261 - return(0);
5262 - }
5264 /* the first is required node X509IssuerName */
5265 - if(!xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) {
5266 + if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) {
5267 xmlSecError(XMLSEC_ERRORS_HERE,
5268 xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
5269 xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
5270 @@ -1336,78 +1211,6 @@
5271 return(0);
5272 }
5274 -static int
5275 -xmlSecNssX509IssuerSerialNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
5276 - xmlNodePtr cur;
5277 - xmlNodePtr issuerNameNode;
5278 - xmlNodePtr issuerNumberNode;
5279 - xmlChar* buf;
5280 -
5281 - xmlSecAssert2(cert != NULL, -1);
5282 - xmlSecAssert2(node != NULL, -1);
5283 -
5284 - /* create xml nodes */
5285 - cur = xmlSecAddChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs);
5286 - if(cur == NULL) {
5287 - xmlSecError(XMLSEC_ERRORS_HERE,
5288 - NULL,
5289 - "xmlSecAddChild",
5290 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
5291 - "node=%s",
5292 - xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial));
5293 - return(-1);
5294 - }
5295 -
5296 - issuerNameNode = xmlSecAddChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs);
5297 - if(issuerNameNode == NULL) {
5298 - xmlSecError(XMLSEC_ERRORS_HERE,
5299 - NULL,
5300 - "xmlSecAddChild",
5301 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
5302 - "node=%s",
5303 - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName));
5304 - return(-1);
5305 - }
5306 -
5307 - issuerNumberNode = xmlSecAddChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs);
5308 - if(issuerNumberNode == NULL) {
5309 - xmlSecError(XMLSEC_ERRORS_HERE,
5310 - NULL,
5311 - "xmlSecAddChild",
5312 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
5313 - "node=%s",
5314 - xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber));
5315 - return(-1);
5316 - }
5317 -
5318 - /* write data */
5319 - buf = xmlSecNssX509NameWrite(&(cert->issuer));
5320 - if(buf == NULL) {
5321 - xmlSecError(XMLSEC_ERRORS_HERE,
5322 - NULL,
5323 - "xmlSecNssX509NameWrite(&(cert->issuer))",
5324 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
5325 - XMLSEC_ERRORS_NO_MESSAGE);
5326 - return(-1);
5327 - }
5328 - xmlSecNodeEncodeAndSetContent(issuerNameNode, buf);
5329 - xmlFree(buf);
5330 -
5331 - buf = xmlSecNssASN1IntegerWrite(&(cert->serialNumber));
5332 - if(buf == NULL) {
5333 - xmlSecError(XMLSEC_ERRORS_HERE,
5334 - NULL,
5335 - "xmlSecNssASN1IntegerWrite(&(cert->serialNumber))",
5336 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
5337 - XMLSEC_ERRORS_NO_MESSAGE);
5338 - return(-1);
5339 - }
5340 - xmlNodeSetContent(issuerNumberNode, buf);
5341 - xmlFree(buf);
5342 -
5343 - return(0);
5344 -}
5345 -
5346 static int
5347 xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
5348 xmlSecKeyDataStorePtr x509Store;
5349 @@ -1431,11 +1234,7 @@
5350 }
5352 ski = xmlNodeGetContent(node);
5353 - if((ski == NULL) || (xmlSecIsEmptyString(ski) == 1)) {
5354 - if(ski != NULL) {
5355 - xmlFree(ski);
5356 - }
5357 - if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
5358 + if(ski == NULL) {
5359 xmlSecError(XMLSEC_ERRORS_HERE,
5360 xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
5361 xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
5362 @@ -1443,8 +1242,6 @@
5363 "node=%s",
5364 xmlSecErrorsSafeString(xmlSecNodeX509SKI));
5365 return(-1);
5366 - }
5367 - return(0);
5368 }
5370 cert = xmlSecNssX509StoreFindCert(x509Store, NULL, NULL, NULL, ski, keyInfoCtx);
5371 @@ -1479,41 +1276,6 @@
5372 return(0);
5373 }
5375 -static int
5376 -xmlSecNssX509SKINodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
5377 - xmlChar *buf = NULL;
5378 - xmlNodePtr cur = NULL;
5379 -
5380 - xmlSecAssert2(cert != NULL, -1);
5381 - xmlSecAssert2(node != NULL, -1);
5382 -
5383 - buf = xmlSecNssX509SKIWrite(cert);
5384 - if(buf == NULL) {
5385 - xmlSecError(XMLSEC_ERRORS_HERE,
5386 - NULL,
5387 - "xmlSecNssX509SKIWrite",
5388 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
5389 - XMLSEC_ERRORS_NO_MESSAGE);
5390 - return(-1);
5391 - }
5392 -
5393 - cur = xmlSecAddChild(node, xmlSecNodeX509SKI, xmlSecDSigNs);
5394 - if(cur == NULL) {
5395 - xmlSecError(XMLSEC_ERRORS_HERE,
5396 - NULL,
5397 - "xmlSecAddChild",
5398 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
5399 - "new_node=%s",
5400 - xmlSecErrorsSafeString(xmlSecNodeX509SKI));
5401 - xmlFree(buf);
5402 - return(-1);
5403 - }
5404 - xmlSecNodeEncodeAndSetContent(cur, buf);
5405 - xmlFree(buf);
5406 -
5407 - return(0);
5408 -}
5409 -
5410 static int
5411 xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
5412 xmlChar *content;
5413 @@ -1524,19 +1286,13 @@
5414 xmlSecAssert2(keyInfoCtx != NULL, -1);
5416 content = xmlNodeGetContent(node);
5417 - if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) {
5418 - if(content != NULL) {
5419 - xmlFree(content);
5420 - }
5421 - if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
5422 + if(content == NULL){
5423 xmlSecError(XMLSEC_ERRORS_HERE,
5424 xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
5425 xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
5426 XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
5427 XMLSEC_ERRORS_NO_MESSAGE);
5428 return(-1);
5429 - }
5430 - return(0);
5431 }
5433 crl = xmlSecNssX509CrlBase64DerRead(content, keyInfoCtx);
5434 @@ -1556,47 +1312,6 @@
5435 }
5437 static int
5438 -xmlSecNssX509CRLNodeWrite(CERTSignedCrl* crl, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
5439 - xmlChar* buf = NULL;
5440 - xmlNodePtr cur = NULL;
5441 -
5442 - xmlSecAssert2(crl != NULL, -1);
5443 - xmlSecAssert2(node != NULL, -1);
5444 - xmlSecAssert2(keyInfoCtx != NULL, -1);
5445 -
5446 - /* set base64 lines size from context */
5447 - buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize);
5448 - if(buf == NULL) {
5449 - xmlSecError(XMLSEC_ERRORS_HERE,
5450 - NULL,
5451 - "xmlSecNssX509CrlBase64DerWrite",
5452 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
5453 - XMLSEC_ERRORS_NO_MESSAGE);
5454 - return(-1);
5455 - }
5456 -
5457 - cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs);
5458 - if(cur == NULL) {
5459 - xmlSecError(XMLSEC_ERRORS_HERE,
5460 - NULL,
5461 - "xmlSecAddChild",
5462 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
5463 - "new_node=%s",
5464 - xmlSecErrorsSafeString(xmlSecNodeX509CRL));
5465 - xmlFree(buf);
5466 - return(-1);
5467 - }
5468 - /* todo: add \n around base64 data - from context */
5469 - /* todo: add errors check */
5470 - xmlNodeSetContent(cur, xmlSecStringCR);
5471 - xmlNodeSetContent(cur, buf);
5472 - xmlFree(buf);
5473 -
5474 - return(0);
5475 -}
5476 -
5477 -
5478 -static int
5479 xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key,
5480 xmlSecKeyInfoCtxPtr keyInfoCtx) {
5481 xmlSecNssX509DataCtxPtr ctx;
5482 @@ -1604,6 +1319,10 @@
5483 int ret;
5484 SECStatus status;
5485 PRTime notBefore, notAfter;
5486 +
5487 + PK11SlotInfo* slot ;
5488 + SECKEYPublicKey *pubKey = NULL;
5489 + SECKEYPrivateKey *priKey = NULL;
5491 xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), -1);
5492 xmlSecAssert2(key != NULL, -1);
5493 @@ -1636,10 +1355,14 @@
5494 xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
5495 "CERT_DupCertificate",
5496 XMLSEC_ERRORS_R_CRYPTO_FAILED,
5497 - XMLSEC_ERRORS_NO_MESSAGE);
5498 + "error code=%d", PORT_GetError());
5499 return(-1);
5500 }
5501 -
5502 +
5503 + /*-
5504 + * Get Public key from cert, which does not always work for sign
5505 + * action.
5506 + *
5507 keyValue = xmlSecNssX509CertGetKey(ctx->keyCert);
5508 if(keyValue == NULL) {
5509 xmlSecError(XMLSEC_ERRORS_HERE,
5510 @@ -1649,6 +1372,54 @@
5511 XMLSEC_ERRORS_NO_MESSAGE);
5512 return(-1);
5513 }
5514 + */
5515 + /*-
5516 + * I'll search key according to KeyReq.
5517 + */
5518 + slot = cert->slot ;
5519 + if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) {
5520 + if( ( priKey = PK11_FindPrivateKeyFromCert( slot , cert , NULL ) ) == NULL ) {
5521 + xmlSecError( XMLSEC_ERRORS_HERE ,
5522 + xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
5523 + "PK11_FindPrivateKeyFromCert" ,
5524 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
5525 + XMLSEC_ERRORS_NO_MESSAGE ) ;
5526 + return -1 ;
5527 + }
5528 + }
5529 +
5530 + if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) {
5531 + if( ( pubKey = CERT_ExtractPublicKey( cert ) ) == NULL ) {
5532 + xmlSecError( XMLSEC_ERRORS_HERE ,
5533 + xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
5534 + "CERT_ExtractPublicKey" ,
5535 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
5536 + XMLSEC_ERRORS_NO_MESSAGE ) ;
5537 +
5538 +
5539 + if( priKey != NULL )
5540 + SECKEY_DestroyPrivateKey( priKey ) ;
5541 + return -1 ;
5542 + }
5543 + }
5544 +
5545 + keyValue = xmlSecNssPKIAdoptKey(priKey, pubKey);
5546 + if( keyValue == NULL ) {
5547 + xmlSecError( XMLSEC_ERRORS_HERE ,
5548 + xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) ,
5549 + "xmlSecNssPKIAdoptKey" ,
5550 + XMLSEC_ERRORS_R_CRYPTO_FAILED ,
5551 + XMLSEC_ERRORS_NO_MESSAGE ) ;
5552 +
5553 + if( priKey != NULL )
5554 + SECKEY_DestroyPrivateKey( priKey ) ;
5555 +
5556 + if( pubKey != NULL )
5557 + SECKEY_DestroyPublicKey( pubKey ) ;
5558 +
5559 + return -1 ;
5560 + }
5561 + /* Modify keyValue get Done */
5563 /* verify that the key matches our expectations */
5564 if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) {
5565 @@ -1950,86 +1721,6 @@
5566 return(res);
5567 }
5569 -static xmlChar*
5570 -xmlSecNssX509NameWrite(CERTName* nm) {
5571 - xmlChar *res = NULL;
5572 - char *str;
5573 -
5574 - xmlSecAssert2(nm != NULL, NULL);
5575 -
5576 - str = CERT_NameToAscii(nm);
5577 - if (str == NULL) {
5578 - xmlSecError(XMLSEC_ERRORS_HERE,
5579 - NULL,
5580 - "CERT_NameToAscii",
5581 - XMLSEC_ERRORS_R_CRYPTO_FAILED,
5582 - XMLSEC_ERRORS_NO_MESSAGE);
5583 - return(NULL);
5584 - }
5585 -
5586 - res = xmlStrdup(BAD_CAST str);
5587 - if(res == NULL) {
5588 - xmlSecError(XMLSEC_ERRORS_HERE,
5589 - NULL,
5590 - "xmlStrdup",
5591 - XMLSEC_ERRORS_R_MALLOC_FAILED,
5592 - XMLSEC_ERRORS_NO_MESSAGE);
5593 - PORT_Free(str);
5594 - return(NULL);
5595 - }
5596 - PORT_Free(str);
5597 - return(res);
5598 -}
5599 -
5600 -static xmlChar*
5601 -xmlSecNssASN1IntegerWrite(SECItem *num) {
5602 - xmlChar *res = NULL;
5603 -
5604 - xmlSecAssert2(num != NULL, NULL);
5605 -
5606 - /* TODO : to be implemented after
5607 - * NSS bug http://bugzilla.mozilla.org/show_bug.cgi?id=212864 is fixed
5608 - */
5609 - return(res);
5610 -}
5611 -
5612 -static xmlChar*
5613 -xmlSecNssX509SKIWrite(CERTCertificate* cert) {
5614 - xmlChar *res = NULL;
5615 - SECItem ski;
5616 - SECStatus rv;
5617 -
5618 - xmlSecAssert2(cert != NULL, NULL);
5619 -
5620 - memset(&ski, 0, sizeof(ski));
5621 -
5622 - rv = CERT_FindSubjectKeyIDExtension(cert, &ski);
5623 - if (rv != SECSuccess) {
5624 - xmlSecError(XMLSEC_ERRORS_HERE,
5625 - NULL,
5626 - "CERT_FindSubjectKeyIDExtension",
5627 - XMLSEC_ERRORS_R_CRYPTO_FAILED,
5628 - XMLSEC_ERRORS_NO_MESSAGE);
5629 - SECITEM_FreeItem(&ski, PR_FALSE);
5630 - return(NULL);
5631 - }
5632 -
5633 - res = xmlSecBase64Encode(ski.data, ski.len, 0);
5634 - if(res == NULL) {
5635 - xmlSecError(XMLSEC_ERRORS_HERE,
5636 - NULL,
5637 - "xmlSecBase64Encode",
5638 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
5639 - XMLSEC_ERRORS_NO_MESSAGE);
5640 - SECITEM_FreeItem(&ski, PR_FALSE);
5641 - return(NULL);
5642 - }
5643 - SECITEM_FreeItem(&ski, PR_FALSE);
5644 -
5645 - return(res);
5646 -}
5647 -
5648 -
5649 static void
5650 xmlSecNssX509CertDebugDump(CERTCertificate* cert, FILE* output) {
5651 SECItem *sn;
5652 --- misc/xmlsec1-1.2.14/src/nss/x509vfy.c 2009-06-25 22:53:18.000000000 +0200
5653 +++ misc/build/xmlsec1-1.2.14/src/nss/x509vfy.c 2009-09-21 14:02:48.669245207 +0200
5654 @@ -30,6 +30,7 @@
5655 #include <xmlsec/keyinfo.h>
5656 #include <xmlsec/keysmngr.h>
5657 #include <xmlsec/base64.h>
5658 +#include <xmlsec/bn.h>
5659 #include <xmlsec/errors.h>
5661 #include <xmlsec/nss/crypto.h>
5662 @@ -61,17 +62,7 @@
5664 static int xmlSecNssX509StoreInitialize (xmlSecKeyDataStorePtr store);
5665 static void xmlSecNssX509StoreFinalize (xmlSecKeyDataStorePtr store);
5666 -static int xmlSecNssX509NameStringRead (xmlSecByte **str,
5667 - int *strLen,
5668 - xmlSecByte *res,
5669 - int resLen,
5670 - xmlSecByte delim,
5671 - int ingoreTrailingSpaces);
5672 -static xmlSecByte * xmlSecNssX509NameRead (xmlSecByte *str,
5673 - int len);
5674 -
5675 -static void xmlSecNssNumToItem(SECItem *it, unsigned long num);
5676 -
5677 +static int xmlSecNssIntegerToItem( const xmlChar* integer , SECItem *it ) ;
5679 static xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = {
5680 sizeof(xmlSecKeyDataStoreKlass),
5681 @@ -339,40 +330,28 @@
5682 xmlSecNssX509FindCert(xmlChar *subjectName, xmlChar *issuerName,
5683 xmlChar *issuerSerial, xmlChar *ski) {
5684 CERTCertificate *cert = NULL;
5685 - xmlChar *p = NULL;
5686 CERTName *name = NULL;
5687 SECItem *nameitem = NULL;
5688 PRArenaPool *arena = NULL;
5690 if (subjectName != NULL) {
5691 - p = xmlSecNssX509NameRead(subjectName, xmlStrlen(subjectName));
5692 - if (p == NULL) {
5693 - xmlSecError(XMLSEC_ERRORS_HERE,
5694 - NULL,
5695 - "xmlSecNssX509NameRead",
5696 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
5697 - "subject=%s",
5698 - xmlSecErrorsSafeString(subjectName));
5699 - goto done;
5700 - }
5701 -
5702 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
5703 if (arena == NULL) {
5704 xmlSecError(XMLSEC_ERRORS_HERE,
5705 NULL,
5706 "PORT_NewArena",
5707 XMLSEC_ERRORS_R_CRYPTO_FAILED,
5708 - XMLSEC_ERRORS_NO_MESSAGE);
5709 + "error code=%d", PORT_GetError());
5710 goto done;
5711 }
5713 - name = CERT_AsciiToName((char*)p);
5714 + name = CERT_AsciiToName((char*)subjectName);
5715 if (name == NULL) {
5716 xmlSecError(XMLSEC_ERRORS_HERE,
5717 NULL,
5718 "CERT_AsciiToName",
5719 XMLSEC_ERRORS_R_XMLSEC_FAILED,
5720 - XMLSEC_ERRORS_NO_MESSAGE);
5721 + "error code=%d", PORT_GetError());
5722 goto done;
5723 }
5725 @@ -394,34 +373,23 @@
5726 if((issuerName != NULL) && (issuerSerial != NULL)) {
5727 CERTIssuerAndSN issuerAndSN;
5729 - p = xmlSecNssX509NameRead(issuerName, xmlStrlen(issuerName));
5730 - if (p == NULL) {
5731 - xmlSecError(XMLSEC_ERRORS_HERE,
5732 - NULL,
5733 - "xmlSecNssX509NameRead",
5734 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
5735 - "issuer=%s",
5736 - xmlSecErrorsSafeString(issuerName));
5737 - goto done;
5738 - }
5739 -
5740 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
5741 if (arena == NULL) {
5742 xmlSecError(XMLSEC_ERRORS_HERE,
5743 NULL,
5744 "PORT_NewArena",
5745 XMLSEC_ERRORS_R_CRYPTO_FAILED,
5746 - XMLSEC_ERRORS_NO_MESSAGE);
5747 + "error code=%d", PORT_GetError());
5748 goto done;
5749 }
5751 - name = CERT_AsciiToName((char*)p);
5752 + name = CERT_AsciiToName((char*)issuerName);
5753 if (name == NULL) {
5754 xmlSecError(XMLSEC_ERRORS_HERE,
5755 NULL,
5756 "CERT_AsciiToName",
5757 XMLSEC_ERRORS_R_XMLSEC_FAILED,
5758 - XMLSEC_ERRORS_NO_MESSAGE);
5759 + "error code=%d", PORT_GetError());
5760 goto done;
5761 }
5763 @@ -441,8 +409,15 @@
5764 issuerAndSN.derIssuer.data = nameitem->data;
5765 issuerAndSN.derIssuer.len = nameitem->len;
5767 - /* TBD: serial num can be arbitrarily long */
5768 - xmlSecNssNumToItem(&issuerAndSN.serialNumber, PORT_Atoi((char *)issuerSerial));
5769 + if( xmlSecNssIntegerToItem( issuerSerial, &issuerAndSN.serialNumber ) < 0 ) {
5770 + xmlSecError(XMLSEC_ERRORS_HERE,
5771 + NULL,
5772 + "xmlSecNssIntegerToItem",
5773 + XMLSEC_ERRORS_R_XMLSEC_FAILED,
5774 + "serial number=%s",
5775 + xmlSecErrorsSafeString(issuerSerial));
5776 + goto done;
5777 + }
5779 cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(),
5780 &issuerAndSN);
5781 @@ -473,9 +448,6 @@
5782 }
5784 done:
5785 - if (p != NULL) {
5786 - PORT_Free(p);
5787 - }
5788 if (arena != NULL) {
5789 PORT_FreeArena(arena, PR_FALSE);
5790 }
5791 @@ -486,176 +458,6 @@
5792 return(cert);
5793 }
5795 -static xmlSecByte *
5796 -xmlSecNssX509NameRead(xmlSecByte *str, int len) {
5797 - xmlSecByte name[256];
5798 - xmlSecByte value[256];
5799 - xmlSecByte *retval = NULL;
5800 - xmlSecByte *p = NULL;
5801 - int nameLen, valueLen;
5802 -
5803 - xmlSecAssert2(str != NULL, NULL);
5804 -
5805 - /* return string should be no longer than input string */
5806 - retval = (xmlSecByte *)PORT_Alloc(len+1);
5807 - if(retval == NULL) {
5808 - xmlSecError(XMLSEC_ERRORS_HERE,
5809 - NULL,
5810 - "PORT_Alloc",
5811 - XMLSEC_ERRORS_R_MALLOC_FAILED,
5812 - XMLSEC_ERRORS_NO_MESSAGE);
5813 - return(NULL);
5814 - }
5815 - p = retval;
5816 -
5817 - while(len > 0) {
5818 - /* skip spaces after comma or semicolon */
5819 - while((len > 0) && isspace(*str)) {
5820 - ++str; --len;
5821 - }
5822 -
5823 - nameLen = xmlSecNssX509NameStringRead(&str, &len, name, sizeof(name), '=', 0);
5824 - if(nameLen < 0) {
5825 - xmlSecError(XMLSEC_ERRORS_HERE,
5826 - NULL,
5827 - "xmlSecNssX509NameStringRead",
5828 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
5829 - XMLSEC_ERRORS_NO_MESSAGE);
5830 - goto done;
5831 - }
5832 - memcpy(p, name, nameLen);
5833 - p+=nameLen;
5834 - *p++='=';
5835 - if(len > 0) {
5836 - ++str; --len;
5837 - if((*str) == '\"') {
5838 - valueLen = xmlSecNssX509NameStringRead(&str, &len,
5839 - value, sizeof(value), '"', 1);
5840 - if(valueLen < 0) {
5841 - xmlSecError(XMLSEC_ERRORS_HERE,
5842 - NULL,
5843 - "xmlSecNssX509NameStringRead",
5844 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
5845 - XMLSEC_ERRORS_NO_MESSAGE);
5846 - goto done;
5847 - }
5848 - /* skip spaces before comma or semicolon */
5849 - while((len > 0) && isspace(*str)) {
5850 - ++str; --len;
5851 - }
5852 - if((len > 0) && ((*str) != ',')) {
5853 - xmlSecError(XMLSEC_ERRORS_HERE,
5854 - NULL,
5855 - NULL,
5856 - XMLSEC_ERRORS_R_INVALID_DATA,
5857 - "comma is expected");
5858 - goto done;
5859 - }
5860 - if(len > 0) {
5861 - ++str; --len;
5862 - }
5863 - *p++='\"';
5864 - memcpy(p, value, valueLen);
5865 - p+=valueLen;
5866 - *p++='\"';
5867 - } else if((*str) == '#') {
5868 - /* TODO: read octect values */
5869 - xmlSecError(XMLSEC_ERRORS_HERE,
5870 - NULL,
5871 - NULL,
5872 - XMLSEC_ERRORS_R_INVALID_DATA,
5873 - "reading octect values is not implemented yet");
5874 - goto done;
5875 - } else {
5876 - valueLen = xmlSecNssX509NameStringRead(&str, &len,
5877 - value, sizeof(value), ',', 1);
5878 - if(valueLen < 0) {
5879 - xmlSecError(XMLSEC_ERRORS_HERE,
5880 - NULL,
5881 - "xmlSecNssX509NameStringRead",
5882 - XMLSEC_ERRORS_R_XMLSEC_FAILED,
5883 - XMLSEC_ERRORS_NO_MESSAGE);
5884 - goto done;
5885 - }
5886 - memcpy(p, value, valueLen);
5887 - p+=valueLen;
5888 - if (len > 0)
5889 - *p++=',';
5890 - }
5891 - } else {
5892 - valueLen = 0;
5893 - }
5894 - if(len > 0) {
5895 - ++str; --len;
5896 - }
5897 - }
5898 -
5899 - *p = 0;
5900 - return(retval);
5901 -
5902 -done:
5903 - PORT_Free(retval);
5904 - return (NULL);
5905 -}
5906 -
5907 -static int
5908 -xmlSecNssX509NameStringRead(xmlSecByte **str, int *strLen,
5909 - xmlSecByte *res, int resLen,
5910 - xmlSecByte delim, int ingoreTrailingSpaces) {
5911 - xmlSecByte *p, *q, *nonSpace;
5912 -
5913 - xmlSecAssert2(str != NULL, -1);
5914 - xmlSecAssert2(strLen != NULL, -1);
5915 - xmlSecAssert2(res != NULL, -1);
5916 -
5917 - p = (*str);
5918 - nonSpace = q = res;
5919 - while(((p - (*str)) < (*strLen)) && ((*p) != delim) && ((q - res) < resLen)) {
5920 - if((*p) != '\\') {
5921 - if(ingoreTrailingSpaces && !isspace(*p)) {
5922 - nonSpace = q;
5923 - }
5924 - *(q++) = *(p++);
5925 - } else {
5926 - ++p;
5927 - nonSpace = q;
5928 - if(xmlSecIsHex((*p))) {
5929 - if((p - (*str) + 1) >= (*strLen)) {
5930 - xmlSecError(XMLSEC_ERRORS_HERE,
5931 - NULL,
5932 - NULL,
5933 - XMLSEC_ERRORS_R_INVALID_DATA,
5934 - "two hex digits expected");
5935 - return(-1);
5936 - }
5937 - *(q++) = xmlSecGetHex(p[0]) * 16 + xmlSecGetHex(p[1]);
5938 - p += 2;
5939 - } else {
5940 - if(((++p) - (*str)) >= (*strLen)) {
5941 - xmlSecError(XMLSEC_ERRORS_HERE,
5942 - NULL,
5943 - NULL,
5944 - XMLSEC_ERRORS_R_INVALID_DATA,
5945 - "escaped symbol missed");
5946 - return(-1);
5947 - }
5948 - *(q++) = *(p++);
5949 - }
5950 - }
5951 - }
5952 - if(((p - (*str)) < (*strLen)) && ((*p) != delim)) {
5953 - xmlSecError(XMLSEC_ERRORS_HERE,
5954 - NULL,
5955 - NULL,
5956 - XMLSEC_ERRORS_R_INVALID_SIZE,
5957 - "buffer is too small");
5958 - return(-1);
5959 - }
5960 - (*strLen) -= (p - (*str));
5961 - (*str) = p;
5962 - return((ingoreTrailingSpaces) ? nonSpace - res + 1 : q - res);
5963 -}
5964 -
5965 /* code lifted from NSS */
5966 static void
5967 xmlSecNssNumToItem(SECItem *it, unsigned long ui)
5968 @@ -699,6 +501,77 @@
5969 it->len = len;
5970 PORT_Memcpy(it->data, bb + (sizeof(bb) - len), len);
5971 }
5972 +
5973 +static int
5974 +xmlSecNssIntegerToItem(
5975 + const xmlChar* integer ,
5976 + SECItem *item
5977 +) {
5978 + xmlSecBn bn ;
5979 + xmlSecSize i, length ;
5980 + const xmlSecByte* bnInteger ;
5981 +
5982 + xmlSecAssert2( integer != NULL, -1 ) ;
5983 + xmlSecAssert2( item != NULL, -1 ) ;
5984 +
5985 + if( xmlSecBnInitialize( &bn, 0 ) < 0 ) {
5986 + xmlSecError(XMLSEC_ERRORS_HERE,
5987 + NULL,
5988 + "xmlSecBnInitialize",
5989 + XMLSEC_ERRORS_R_INVALID_DATA,
5990 + XMLSEC_ERRORS_NO_MESSAGE);
5991 + return -1 ;
5992 + }
5993 +
5994 + if( xmlSecBnFromDecString( &bn, integer ) < 0 ) {
5995 + xmlSecError(XMLSEC_ERRORS_HERE,
5996 + NULL,
5997 + "xmlSecBnFromDecString",
5998 + XMLSEC_ERRORS_R_INVALID_DATA,
5999 + XMLSEC_ERRORS_NO_MESSAGE);
6000 + xmlSecBnFinalize( &bn ) ;
6001 + return -1 ;
6002 + }
6003 +
6004 + length = xmlSecBnGetSize( &bn ) ;
6005 + if( length <= 0 ) {
6006 + xmlSecError(XMLSEC_ERRORS_HERE,
6007 + NULL,
6008 + "xmlSecBnGetSize",
6009 + XMLSEC_ERRORS_R_INVALID_DATA,
6010 + XMLSEC_ERRORS_NO_MESSAGE);
6011 + }
6012 +
6013 + bnInteger = xmlSecBnGetData( &bn ) ;
6014 + if( bnInteger == NULL ) {
6015 + xmlSecError(XMLSEC_ERRORS_HERE,
6016 + NULL,
6017 + "xmlSecBnGetData",
6018 + XMLSEC_ERRORS_R_INVALID_DATA,
6019 + XMLSEC_ERRORS_NO_MESSAGE ) ;
6020 + xmlSecBnFinalize( &bn ) ;
6021 + return -1 ;
6022 + }
6023 +
6024 + item->data = ( unsigned char * )PORT_Alloc( length );
6025 + if( item->data == NULL ) {
6026 + xmlSecError(XMLSEC_ERRORS_HERE,
6027 + NULL,
6028 + "PORT_Alloc",
6029 + XMLSEC_ERRORS_R_INVALID_DATA,
6030 + XMLSEC_ERRORS_NO_MESSAGE ) ;
6031 + xmlSecBnFinalize( &bn ) ;
6032 + return -1 ;
6033 + }
6034 +
6035 + item->len = length;
6036 + for( i = 0 ; i < length ; i ++ )
6037 + item->data[i] = *( bnInteger + i ) ;
6038 +
6039 + xmlSecBnFinalize( &bn ) ;
6040 +
6041 + return 0 ;
6042 +}
6043 #endif /* XMLSEC_NO_X509 */
6046 --- misc/xmlsec1-1.2.14/win32/Makefile.msvc 2009-06-25 22:53:18.000000000 +0200
6047 +++ misc/build/xmlsec1-1.2.14/win32/Makefile.msvc 2009-09-21 14:02:48.607277908 +0200
6048 @@ -218,6 +218,9 @@
6049 $(XMLSEC_OPENSSL_INTDIR_A)\x509vfy.obj
6051 XMLSEC_NSS_OBJS = \
6052 + $(XMLSEC_NSS_INTDIR)\akmngr.obj\
6053 + $(XMLSEC_NSS_INTDIR)\keywrapers.obj\
6054 + $(XMLSEC_NSS_INTDIR)\tokens.obj\
6055 $(XMLSEC_NSS_INTDIR)\app.obj\
6056 $(XMLSEC_NSS_INTDIR)\bignum.obj\
6057 $(XMLSEC_NSS_INTDIR)\ciphers.obj \
6058 @@ -253,6 +256,7 @@
6059 $(XMLSEC_NSS_INTDIR_A)\strings.obj
6061 XMLSEC_MSCRYPTO_OBJS = \
6062 + $(XMLSEC_MSCRYPTO_INTDIR)\akmngr.obj\
6063 $(XMLSEC_MSCRYPTO_INTDIR)\app.obj\
6064 $(XMLSEC_MSCRYPTO_INTDIR)\crypto.obj \
6065 $(XMLSEC_MSCRYPTO_INTDIR)\ciphers.obj \