1--- misc/xmlsec1-1.2.14/include/xmlsec/mscrypto/Makefile.am 2009-06-25 22:53:18.000000000 +0200 2+++ misc/build/xmlsec1-1.2.14/include/xmlsec/mscrypto/Makefile.am 2009-09-21 14:02:48.563253008 +0200 3@@ -3,6 +3,7 @@ 4 xmlsecmscryptoincdir = $(includedir)/xmlsec1/xmlsec/mscrypto 5 6 xmlsecmscryptoinc_HEADERS = \ 7+akmngr.h \ 8 app.h \ 9 certkeys.h \ 10 crypto.h \ 11--- misc/xmlsec1-1.2.14/include/xmlsec/mscrypto/Makefile.in 2009-06-25 22:53:30.000000000 +0200 12+++ misc/build/xmlsec1-1.2.14/include/xmlsec/mscrypto/Makefile.in 2009-09-21 14:02:48.571021349 +0200 13@@ -281,6 +281,7 @@ 14 NULL = 15 xmlsecmscryptoincdir = $(includedir)/xmlsec1/xmlsec/mscrypto 16 xmlsecmscryptoinc_HEADERS = \ 17+akmngr.h \ 18 app.h \ 19 certkeys.h \ 20 crypto.h \ 21--- misc/xmlsec1-1.2.14/include/xmlsec/mscrypto/akmngr.h 2009-09-21 14:07:19.052318336 +0200 22+++ misc/build/xmlsec1-1.2.14/include/xmlsec/mscrypto/akmngr.h 2009-09-21 14:02:48.504966762 +0200 23@@ -1 +1,71 @@ 24-dummy 25+/** 26+ * XMLSec library 27+ * 28+ * This is free software; see Copyright file in the source 29+ * distribution for preciese wording. 30+ * 31+ * Copyright .......................... 32+ */ 33+#ifndef __XMLSEC_MSCRYPTO_AKMNGR_H__ 34+#define __XMLSEC_MSCRYPTO_AKMNGR_H__ 35+ 36+#include <windows.h> 37+#include <wincrypt.h> 38+ 39+#include <xmlsec/xmlsec.h> 40+#include <xmlsec/keys.h> 41+#include <xmlsec/transforms.h> 42+ 43+#ifdef __cplusplus 44+extern "C" { 45+#endif /* __cplusplus */ 46+ 47+XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr 48+xmlSecMSCryptoAppliedKeysMngrCreate( 49+ HCERTSTORE keyStore , 50+ HCERTSTORE certStore 51+) ; 52+ 53+XMLSEC_CRYPTO_EXPORT int 54+xmlSecMSCryptoAppliedKeysMngrSymKeyLoad( 55+ xmlSecKeysMngrPtr mngr , 56+ HCRYPTKEY symKey 57+) ; 58+ 59+XMLSEC_CRYPTO_EXPORT int 60+xmlSecMSCryptoAppliedKeysMngrPubKeyLoad( 61+ xmlSecKeysMngrPtr mngr , 62+ HCRYPTKEY pubKey 63+) ; 64+ 65+XMLSEC_CRYPTO_EXPORT int 66+xmlSecMSCryptoAppliedKeysMngrPriKeyLoad( 67+ xmlSecKeysMngrPtr mngr , 68+ HCRYPTKEY priKey 69+) ; 70+ 71+XMLSEC_CRYPTO_EXPORT int 72+xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore ( 73+ xmlSecKeysMngrPtr mngr , 74+ HCERTSTORE keyStore 75+) ; 76+ 77+XMLSEC_CRYPTO_EXPORT int 78+xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore ( 79+ xmlSecKeysMngrPtr mngr , 80+ HCERTSTORE trustedStore 81+) ; 82+ 83+XMLSEC_CRYPTO_EXPORT int 84+xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore ( 85+ xmlSecKeysMngrPtr mngr , 86+ HCERTSTORE untrustedStore 87+) ; 88+ 89+#ifdef __cplusplus 90+} 91+#endif /* __cplusplus */ 92+ 93+#endif /* __XMLSEC_MSCRYPTO_AKMNGR_H__ */ 94+ 95+ 96--- misc/xmlsec1-1.2.14/include/xmlsec/nss/Makefile.am 2009-06-25 22:53:18.000000000 +0200 97+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/Makefile.am 2009-09-21 14:02:48.577933031 +0200 98@@ -10,6 +10,9 @@ 99 keysstore.h \ 100 pkikeys.h \ 101 x509.h \ 102+akmngr.h \ 103+tokens.h \ 104+ciphers.h \ 105 $(NULL) 106 107 install-exec-hook: 108--- misc/xmlsec1-1.2.14/include/xmlsec/nss/Makefile.in 2009-06-25 22:53:31.000000000 +0200 109+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/Makefile.in 2009-09-21 14:02:48.585376325 +0200 110@@ -288,6 +288,9 @@ 111 keysstore.h \ 112 pkikeys.h \ 113 x509.h \ 114+akmngr.h \ 115+tokens.h \ 116+ciphers.h \ 117 $(NULL) 118 119 all: all-am 120--- misc/xmlsec1-1.2.14/include/xmlsec/nss/akmngr.h 2009-09-21 14:07:19.105517659 +0200 121+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/akmngr.h 2009-09-21 14:02:48.510978278 +0200 122@@ -1 +1,56 @@ 123-dummy 124+/** 125+ * XMLSec library 126+ * 127+ * This is free software; see Copyright file in the source 128+ * distribution for preciese wording. 129+ * 130+ * Copyright .......................... 131+ */ 132+#ifndef __XMLSEC_NSS_AKMNGR_H__ 133+#define __XMLSEC_NSS_AKMNGR_H__ 134+ 135+#include <nss.h> 136+#include <nspr.h> 137+#include <pk11func.h> 138+#include <cert.h> 139+ 140+#include <xmlsec/xmlsec.h> 141+#include <xmlsec/keys.h> 142+#include <xmlsec/transforms.h> 143+ 144+#ifdef __cplusplus 145+extern "C" { 146+#endif /* __cplusplus */ 147+ 148+XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr 149+xmlSecNssAppliedKeysMngrCreate( 150+ PK11SlotInfo** slots, 151+ int cSlots, 152+ CERTCertDBHandle* handler 153+) ; 154+ 155+XMLSEC_CRYPTO_EXPORT int 156+xmlSecNssAppliedKeysMngrSymKeyLoad( 157+ xmlSecKeysMngrPtr mngr , 158+ PK11SymKey* symKey 159+) ; 160+ 161+XMLSEC_CRYPTO_EXPORT int 162+xmlSecNssAppliedKeysMngrPubKeyLoad( 163+ xmlSecKeysMngrPtr mngr , 164+ SECKEYPublicKey* pubKey 165+) ; 166+ 167+XMLSEC_CRYPTO_EXPORT int 168+xmlSecNssAppliedKeysMngrPriKeyLoad( 169+ xmlSecKeysMngrPtr mngr , 170+ SECKEYPrivateKey* priKey 171+) ; 172+ 173+#ifdef __cplusplus 174+} 175+#endif /* __cplusplus */ 176+ 177+#endif /* __XMLSEC_NSS_AKMNGR_H__ */ 178+ 179+ 180--- misc/xmlsec1-1.2.14/include/xmlsec/nss/app.h 2009-06-25 22:53:18.000000000 +0200 181+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/app.h 2009-09-21 14:02:48.612847068 +0200 182@@ -22,6 +22,9 @@ 183 #include <xmlsec/keysmngr.h> 184 #include <xmlsec/transforms.h> 185 186+#include <xmlsec/nss/tokens.h> 187+#include <xmlsec/nss/akmngr.h> 188+ 189 /** 190 * Init/shutdown 191 */ 192@@ -36,6 +39,8 @@ 193 xmlSecKeyPtr key); 194 XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrLoad (xmlSecKeysMngrPtr mngr, 195 const char* uri); 196+XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKeySlot(xmlSecKeysMngrPtr mngr, 197+ xmlSecNssKeySlotPtr keySlot); 198 XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrSave (xmlSecKeysMngrPtr mngr, 199 const char* filename, 200 xmlSecKeyDataType type); 201--- misc/xmlsec1-1.2.14/include/xmlsec/nss/ciphers.h 2009-09-21 14:07:19.146496548 +0200 202+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/ciphers.h 2009-09-21 14:02:48.516689712 +0200 203@@ -1 +1,35 @@ 204-dummy 205+/** 206+ * XMLSec library 207+ * 208+ * This is free software; see Copyright file in the source 209+ * distribution for preciese wording. 210+ * 211+ * Copyright .......................... 212+ */ 213+#ifndef __XMLSEC_NSS_CIPHERS_H__ 214+#define __XMLSEC_NSS_CIPHERS_H__ 215+ 216+#ifdef __cplusplus 217+extern "C" { 218+#endif /* __cplusplus */ 219+ 220+#include <xmlsec/xmlsec.h> 221+#include <xmlsec/keys.h> 222+#include <xmlsec/transforms.h> 223+ 224+ 225+XMLSEC_CRYPTO_EXPORT int xmlSecNssSymKeyDataAdoptKey( xmlSecKeyDataPtr data, 226+ PK11SymKey* symkey ) ; 227+ 228+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt( PK11SymKey* symKey ) ; 229+ 230+XMLSEC_CRYPTO_EXPORT PK11SymKey* xmlSecNssSymKeyDataGetKey(xmlSecKeyDataPtr data); 231+ 232+ 233+#ifdef __cplusplus 234+} 235+#endif /* __cplusplus */ 236+ 237+#endif /* __XMLSEC_NSS_CIPHERS_H__ */ 238+ 239+ 240--- misc/xmlsec1-1.2.14/include/xmlsec/nss/keysstore.h 2009-06-25 22:53:18.000000000 +0200 241+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/keysstore.h 2009-09-21 14:02:48.626261748 +0200 242@@ -16,6 +16,8 @@ 243 #endif /* __cplusplus */ 244 245 #include <xmlsec/xmlsec.h> 246+#include <xmlsec/keysmngr.h> 247+#include <xmlsec/nss/tokens.h> 248 249 /**************************************************************************** 250 * 251@@ -31,6 +33,8 @@ 252 XMLSEC_CRYPTO_EXPORT xmlSecKeyStoreId xmlSecNssKeysStoreGetKlass (void); 253 XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKey (xmlSecKeyStorePtr store, 254 xmlSecKeyPtr key); 255+XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKeySlot(xmlSecKeyStorePtr store, 256+ xmlSecNssKeySlotPtr keySlot); 257 XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreLoad (xmlSecKeyStorePtr store, 258 const char *uri, 259 xmlSecKeysMngrPtr keysMngr); 260--- misc/xmlsec1-1.2.14/include/xmlsec/nss/tokens.h 2009-09-21 14:07:19.172421448 +0200 261+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/tokens.h 2009-09-21 14:02:48.522913605 +0200 262@@ -1 +1,182 @@ 263-dummy 264+/** 265+ * XMLSec library 266+ * 267+ * This is free software; see Copyright file in the source 268+ * distribution for preciese wording. 269+ * 270+ * Copyright (c) 2003 Sun Microsystems, Inc. All rights reserved. 271+ * 272+ * Contributor(s): _____________________________ 273+ * 274+ */ 275+#ifndef __XMLSEC_NSS_TOKENS_H__ 276+#define __XMLSEC_NSS_TOKENS_H__ 277+ 278+#include <string.h> 279+ 280+#include <nss.h> 281+#include <pk11func.h> 282+ 283+#include <xmlsec/xmlsec.h> 284+#include <xmlsec/list.h> 285+ 286+#ifdef __cplusplus 287+extern "C" { 288+#endif /* __cplusplus */ 289+ 290+/** 291+ * xmlSecNssKeySlotListId 292+ * 293+ * The crypto mechanism list klass 294+ */ 295+#define xmlSecNssKeySlotListId xmlSecNssKeySlotListGetKlass() 296+XMLSEC_CRYPTO_EXPORT xmlSecPtrListId xmlSecNssKeySlotListGetKlass( void ) ; 297+ 298+/******************************************* 299+ * KeySlot interfaces 300+ *******************************************/ 301+/** 302+ * Internal NSS key slot data 303+ * @mechanismList: the mechanisms that the slot bound with. 304+ * @slot: the pkcs slot 305+ * 306+ * This context is located after xmlSecPtrList 307+ */ 308+typedef struct _xmlSecNssKeySlot xmlSecNssKeySlot ; 309+typedef struct _xmlSecNssKeySlot* xmlSecNssKeySlotPtr ; 310+ 311+struct _xmlSecNssKeySlot { 312+ CK_MECHANISM_TYPE_PTR mechanismList ; /* mech. array, NULL ternimated */ 313+ PK11SlotInfo* slot ; 314+} ; 315+ 316+XMLSEC_CRYPTO_EXPORT int 317+xmlSecNssKeySlotSetMechList( 318+ xmlSecNssKeySlotPtr keySlot , 319+ CK_MECHANISM_TYPE_PTR mechanismList 320+) ; 321+ 322+XMLSEC_CRYPTO_EXPORT int 323+xmlSecNssKeySlotEnableMech( 324+ xmlSecNssKeySlotPtr keySlot , 325+ CK_MECHANISM_TYPE mechanism 326+) ; 327+ 328+XMLSEC_CRYPTO_EXPORT int 329+xmlSecNssKeySlotDisableMech( 330+ xmlSecNssKeySlotPtr keySlot , 331+ CK_MECHANISM_TYPE mechanism 332+) ; 333+ 334+XMLSEC_CRYPTO_EXPORT CK_MECHANISM_TYPE_PTR 335+xmlSecNssKeySlotGetMechList( 336+ xmlSecNssKeySlotPtr keySlot 337+) ; 338+ 339+XMLSEC_CRYPTO_EXPORT int 340+xmlSecNssKeySlotSetSlot( 341+ xmlSecNssKeySlotPtr keySlot , 342+ PK11SlotInfo* slot 343+) ; 344+ 345+XMLSEC_CRYPTO_EXPORT int 346+xmlSecNssKeySlotInitialize( 347+ xmlSecNssKeySlotPtr keySlot , 348+ PK11SlotInfo* slot 349+) ; 350+ 351+XMLSEC_CRYPTO_EXPORT void 352+xmlSecNssKeySlotFinalize( 353+ xmlSecNssKeySlotPtr keySlot 354+) ; 355+ 356+XMLSEC_CRYPTO_EXPORT PK11SlotInfo* 357+xmlSecNssKeySlotGetSlot( 358+ xmlSecNssKeySlotPtr keySlot 359+) ; 360+ 361+XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr 362+xmlSecNssKeySlotCreate() ; 363+ 364+XMLSEC_CRYPTO_EXPORT int 365+xmlSecNssKeySlotCopy( 366+ xmlSecNssKeySlotPtr newKeySlot , 367+ xmlSecNssKeySlotPtr keySlot 368+) ; 369+ 370+XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr 371+xmlSecNssKeySlotDuplicate( 372+ xmlSecNssKeySlotPtr keySlot 373+) ; 374+ 375+XMLSEC_CRYPTO_EXPORT void 376+xmlSecNssKeySlotDestroy( 377+ xmlSecNssKeySlotPtr keySlot 378+) ; 379+ 380+XMLSEC_CRYPTO_EXPORT int 381+xmlSecNssKeySlotBindMech( 382+ xmlSecNssKeySlotPtr keySlot , 383+ CK_MECHANISM_TYPE type 384+) ; 385+ 386+XMLSEC_CRYPTO_EXPORT int 387+xmlSecNssKeySlotSupportMech( 388+ xmlSecNssKeySlotPtr keySlot , 389+ CK_MECHANISM_TYPE type 390+) ; 391+ 392+ 393+/************************************************************************ 394+ * PKCS#11 crypto token interfaces 395+ * 396+ * A PKCS#11 slot repository will be defined internally. From the 397+ * repository, a user can specify a particular slot for a certain crypto 398+ * mechanism. 399+ * 400+ * In some situation, some cryptographic operation should act in a user 401+ * designated devices. The interfaces defined here provide the way. If 402+ * the user do not initialize the repository distinctly, the interfaces 403+ * use the default functions provided by NSS itself. 404+ * 405+ ************************************************************************/ 406+/** 407+ * Initialize NSS pkcs#11 slot repository 408+ * 409+ * Returns 0 if success or -1 if an error occurs. 410+ */ 411+XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotInitialize( void ) ; 412+ 413+/** 414+ * Shutdown and destroy NSS pkcs#11 slot repository 415+ */ 416+XMLSEC_CRYPTO_EXPORT void xmlSecNssSlotShutdown() ; 417+ 418+/** 419+ * Get PKCS#11 slot handler 420+ * @type the mechanism that the slot must support. 421+ * 422+ * Returns a pointer to PKCS#11 slot or NULL if an error occurs. 423+ * 424+ * Notes: The returned handler must be destroied distinctly. 425+ */ 426+XMLSEC_CRYPTO_EXPORT PK11SlotInfo* xmlSecNssSlotGet( CK_MECHANISM_TYPE type ) ; 427+ 428+/** 429+ * Adopt a pkcs#11 slot with a mechanism into the repository 430+ * @slot: the pkcs#11 slot. 431+ * @mech: the mechanism. 432+ * 433+ * If @mech is available( @mech != CKM_INVALID_MECHANISM ), every operation with 434+ * this mechanism only can perform on the @slot. 435+ * 436+ * Returns 0 if success or -1 if an error occurs. 437+ */ 438+XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotAdopt( PK11SlotInfo* slot, CK_MECHANISM_TYPE mech ) ; 439+ 440+#ifdef __cplusplus 441+} 442+#endif /* __cplusplus */ 443+ 444+#endif /* __XMLSEC_NSS_TOKENS_H__ */ 445+ 446--- misc/xmlsec1-1.2.14/src/mscrypto/akmngr.c 2009-09-21 14:07:19.078910929 +0200 447+++ misc/build/xmlsec1-1.2.14/src/mscrypto/akmngr.c 2009-09-21 14:02:48.531281225 +0200 448@@ -1 +1,236 @@ 449-dummy 450+/** 451+ * XMLSec library 452+ * 453+ * This is free software; see Copyright file in the source 454+ * distribution for preciese wording. 455+ * 456+ * Copyright......................... 457+ */ 458+#include "globals.h" 459+ 460+#include <xmlsec/xmlsec.h> 461+#include <xmlsec/keys.h> 462+#include <xmlsec/keysmngr.h> 463+#include <xmlsec/transforms.h> 464+#include <xmlsec/errors.h> 465+ 466+#include <xmlsec/mscrypto/crypto.h> 467+#include <xmlsec/mscrypto/keysstore.h> 468+#include <xmlsec/mscrypto/akmngr.h> 469+#include <xmlsec/mscrypto/x509.h> 470+ 471+/** 472+ * xmlSecMSCryptoAppliedKeysMngrCreate: 473+ * @hKeyStore: the pointer to key store. 474+ * @hCertStore: the pointer to certificate database. 475+ * 476+ * Create and load key store and certificate database into keys manager 477+ * 478+ * Returns keys manager pointer on success or NULL otherwise. 479+ */ 480+xmlSecKeysMngrPtr 481+xmlSecMSCryptoAppliedKeysMngrCreate( 482+ HCERTSTORE hKeyStore , 483+ HCERTSTORE hCertStore 484+) { 485+ xmlSecKeyDataStorePtr certStore = NULL ; 486+ xmlSecKeysMngrPtr keyMngr = NULL ; 487+ xmlSecKeyStorePtr keyStore = NULL ; 488+ 489+ keyStore = xmlSecKeyStoreCreate( xmlSecMSCryptoKeysStoreId ) ; 490+ if( keyStore == NULL ) { 491+ xmlSecError( XMLSEC_ERRORS_HERE , 492+ NULL , 493+ "xmlSecKeyStoreCreate" , 494+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 495+ XMLSEC_ERRORS_NO_MESSAGE ) ; 496+ return NULL ; 497+ } 498+ 499+ /*- 500+ * At present, MS Crypto engine do not provide a way to setup a key store. 501+ */ 502+ if( keyStore != NULL ) { 503+ /*TODO: binding key store.*/ 504+ } 505+ 506+ keyMngr = xmlSecKeysMngrCreate() ; 507+ if( keyMngr == NULL ) { 508+ xmlSecError( XMLSEC_ERRORS_HERE , 509+ NULL , 510+ "xmlSecKeysMngrCreate" , 511+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 512+ XMLSEC_ERRORS_NO_MESSAGE ) ; 513+ 514+ xmlSecKeyStoreDestroy( keyStore ) ; 515+ return NULL ; 516+ } 517+ 518+ /*- 519+ * Add key store to manager, from now on keys manager destroys the store if 520+ * needed 521+ */ 522+ if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) { 523+ xmlSecError( XMLSEC_ERRORS_HERE , 524+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , 525+ "xmlSecKeysMngrAdoptKeyStore" , 526+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 527+ XMLSEC_ERRORS_NO_MESSAGE ) ; 528+ 529+ xmlSecKeyStoreDestroy( keyStore ) ; 530+ xmlSecKeysMngrDestroy( keyMngr ) ; 531+ return NULL ; 532+ } 533+ 534+ /*- 535+ * Initialize crypto library specific data in keys manager 536+ */ 537+ if( xmlSecMSCryptoKeysMngrInit( keyMngr ) < 0 ) { 538+ xmlSecError( XMLSEC_ERRORS_HERE , 539+ NULL , 540+ "xmlSecMSCryptoKeysMngrInit" , 541+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 542+ XMLSEC_ERRORS_NO_MESSAGE ) ; 543+ 544+ xmlSecKeysMngrDestroy( keyMngr ) ; 545+ return NULL ; 546+ } 547+ 548+ /*- 549+ * Set certificate databse to X509 key data store 550+ */ 551+ /*- 552+ * At present, MS Crypto engine do not provide a way to setup a cert store. 553+ */ 554+ 555+ /*- 556+ * Set the getKey callback 557+ */ 558+ keyMngr->getKey = xmlSecKeysMngrGetKey ; 559+ 560+ return keyMngr ; 561+} 562+ 563+int 564+xmlSecMSCryptoAppliedKeysMngrSymKeyLoad( 565+ xmlSecKeysMngrPtr mngr , 566+ HCRYPTKEY symKey 567+) { 568+ /*TODO: import the key into keys manager.*/ 569+ return(0) ; 570+} 571+ 572+int 573+xmlSecMSCryptoAppliedKeysMngrPubKeyLoad( 574+ xmlSecKeysMngrPtr mngr , 575+ HCRYPTKEY pubKey 576+) { 577+ /*TODO: import the key into keys manager.*/ 578+ return(0) ; 579+} 580+ 581+int 582+xmlSecMSCryptoAppliedKeysMngrPriKeyLoad( 583+ xmlSecKeysMngrPtr mngr , 584+ HCRYPTKEY priKey 585+) { 586+ /*TODO: import the key into keys manager.*/ 587+ return(0) ; 588+} 589+ 590+int 591+xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore ( 592+ xmlSecKeysMngrPtr mngr , 593+ HCERTSTORE keyStore 594+) { 595+ xmlSecKeyDataStorePtr x509Store ; 596+ 597+ xmlSecAssert2( mngr != NULL, -1 ) ; 598+ xmlSecAssert2( keyStore != NULL, -1 ) ; 599+ 600+ x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ; 601+ if( x509Store == NULL ) { 602+ xmlSecError( XMLSEC_ERRORS_HERE , 603+ NULL , 604+ "xmlSecKeysMngrGetDataStore" , 605+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 606+ XMLSEC_ERRORS_NO_MESSAGE ) ; 607+ return( -1 ) ; 608+ } 609+ 610+ if( xmlSecMSCryptoX509StoreAdoptKeyStore( x509Store, keyStore ) < 0 ) { 611+ xmlSecError( XMLSEC_ERRORS_HERE , 612+ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) , 613+ "xmlSecMSCryptoX509StoreAdoptKeyStore" , 614+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 615+ XMLSEC_ERRORS_NO_MESSAGE ) ; 616+ return( -1 ) ; 617+ } 618+ 619+ return( 0 ) ; 620+} 621+ 622+int 623+xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore ( 624+ xmlSecKeysMngrPtr mngr , 625+ HCERTSTORE trustedStore 626+) { 627+ xmlSecKeyDataStorePtr x509Store ; 628+ 629+ xmlSecAssert2( mngr != NULL, -1 ) ; 630+ xmlSecAssert2( trustedStore != NULL, -1 ) ; 631+ 632+ x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ; 633+ if( x509Store == NULL ) { 634+ xmlSecError( XMLSEC_ERRORS_HERE , 635+ NULL , 636+ "xmlSecKeysMngrGetDataStore" , 637+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 638+ XMLSEC_ERRORS_NO_MESSAGE ) ; 639+ return( -1 ) ; 640+ } 641+ 642+ if( xmlSecMSCryptoX509StoreAdoptTrustedStore( x509Store, trustedStore ) < 0 ) { 643+ xmlSecError( XMLSEC_ERRORS_HERE , 644+ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) , 645+ "xmlSecMSCryptoX509StoreAdoptKeyStore" , 646+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 647+ XMLSEC_ERRORS_NO_MESSAGE ) ; 648+ return( -1 ) ; 649+ } 650+ 651+ return( 0 ) ; 652+} 653+ 654+int 655+xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore ( 656+ xmlSecKeysMngrPtr mngr , 657+ HCERTSTORE untrustedStore 658+) { 659+ xmlSecKeyDataStorePtr x509Store ; 660+ 661+ xmlSecAssert2( mngr != NULL, -1 ) ; 662+ xmlSecAssert2( untrustedStore != NULL, -1 ) ; 663+ 664+ x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ; 665+ if( x509Store == NULL ) { 666+ xmlSecError( XMLSEC_ERRORS_HERE , 667+ NULL , 668+ "xmlSecKeysMngrGetDataStore" , 669+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 670+ XMLSEC_ERRORS_NO_MESSAGE ) ; 671+ return( -1 ) ; 672+ } 673+ 674+ if( xmlSecMSCryptoX509StoreAdoptUntrustedStore( x509Store, untrustedStore ) < 0 ) { 675+ xmlSecError( XMLSEC_ERRORS_HERE , 676+ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) , 677+ "xmlSecMSCryptoX509StoreAdoptKeyStore" , 678+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 679+ XMLSEC_ERRORS_NO_MESSAGE ) ; 680+ return( -1 ) ; 681+ } 682+ 683+ return( 0 ) ; 684+} 685+ 686--- misc/xmlsec1-1.2.14/src/nss/Makefile.am 2009-06-25 22:53:18.000000000 +0200 687+++ misc/build/xmlsec1-1.2.14/src/nss/Makefile.am 2009-09-21 14:02:48.591560472 +0200 688@@ -35,6 +35,9 @@ 689 kw_des.c \ 690 kw_aes.c \ 691 globals.h \ 692+ akmngr.c \ 693+ keywrapers.c \ 694+ tokens.c \ 695 $(NULL) 696 697 if SHAREDLIB_HACK 698--- misc/xmlsec1-1.2.14/src/nss/Makefile.in 2009-06-25 22:53:33.000000000 +0200 699+++ misc/build/xmlsec1-1.2.14/src/nss/Makefile.in 2009-09-21 14:02:48.599339718 +0200 700@@ -72,7 +72,8 @@ 701 am__libxmlsec1_nss_la_SOURCES_DIST = app.c bignum.c ciphers.c crypto.c \ 702 digests.c hmac.c pkikeys.c signatures.c symkeys.c x509.c \ 703 x509vfy.c keysstore.c keytrans.c kw_des.c kw_aes.c globals.h \ 704- ../strings.c 705+ ../strings.c \ 706+ akmngr.c keywrapers.c tokens.c 707 am__objects_1 = 708 @SHAREDLIB_HACK_TRUE@am__objects_2 = libxmlsec1_nss_la-strings.lo 709 am_libxmlsec1_nss_la_OBJECTS = libxmlsec1_nss_la-app.lo \ 710@@ -83,6 +84,8 @@ 711 libxmlsec1_nss_la-x509.lo libxmlsec1_nss_la-x509vfy.lo \ 712 libxmlsec1_nss_la-keysstore.lo libxmlsec1_nss_la-keytrans.lo \ 713 libxmlsec1_nss_la-kw_des.lo libxmlsec1_nss_la-kw_aes.lo \ 714+ libxmlsec1_nss_la-akmngr.lo libxmlsec1_nss_la-keywrapers.lo \ 715+ libxmlsec1_nss_la-tokens.lo \ 716 $(am__objects_1) $(am__objects_2) 717 libxmlsec1_nss_la_OBJECTS = $(am_libxmlsec1_nss_la_OBJECTS) 718 libxmlsec1_nss_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ 719@@ -333,6 +336,7 @@ 720 libxmlsec1_nss_la_SOURCES = app.c bignum.c ciphers.c crypto.c \ 721 digests.c hmac.c pkikeys.c signatures.c symkeys.c x509.c \ 722 x509vfy.c keysstore.c keytrans.c kw_des.c kw_aes.c globals.h \ 723+ akmngr.c keywrapers.c tokens.c \ 724 $(NULL) $(am__append_1) 725 libxmlsec1_nss_la_LIBADD = \ 726 ../libxmlsec1.la \ 727@@ -439,6 +443,9 @@ 728 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-symkeys.Plo@am__quote@ 729 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-x509.Plo@am__quote@ 730 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-x509vfy.Plo@am__quote@ 731+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-akmngr.Plo@am__quote@ 732+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Plo@am__quote@ 733+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-tokens.Plo@am__quote@ 734 735 .c.o: 736 @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< 737@@ -468,6 +475,27 @@ 738 @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ 739 @am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c 740 741+libxmlsec1_nss_la-akmngr.lo: akmngr.c 742+@am__fastdepCC_TRUE@ if $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-akmngr.lo -MD -MP -MF "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo" -c -o libxmlsec1_nss_la-akmngr.lo `test -f 'akmngr.c' || echo '$(srcdir)/'`akmngr.c; \ 743+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo" "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Plo"; else rm -f "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo"; exit 1; fi 744+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='akmngr.c' object='libxmlsec1_nss_la-akmngr.lo' libtool=yes @AMDEPBACKSLASH@ 745+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ 746+@am__fastdepCC_FALSE@ $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-akmngr.lo `test -f 'akmngr.c' || echo '$(srcdir)/'`akmngr.c 747+ 748+libxmlsec1_nss_la-keywrapers.lo: keywrapers.c 749+@am__fastdepCC_TRUE@ if $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-keywrapers.lo -MD -MP -MF "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Tpo" -c -o libxmlsec1_nss_la-keywrapers.lo `test -f 'keywrapers.c' || echo '$(srcdir)/'`keywrapers.c; \ 750+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Tpo" "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Plo"; else rm -f "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Tpo"; exit 1; fi 751+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='keywrapers.c' object='libxmlsec1_nss_la-keywrapers.lo' libtool=yes @AMDEPBACKSLASH@ 752+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ 753+@am__fastdepCC_FALSE@ $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-keywrapers.lo `test -f 'keywrapers.c' || echo '$(srcdir)/'`keywrapers.c 754+ 755+libxmlsec1_nss_la-tokens.lo: tokens.c 756+@am__fastdepCC_TRUE@ if $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-tokens.lo -MD -MP -MF "$(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo" -c -o libxmlsec1_nss_la-tokens.lo `test -f 'tokens.c' || echo '$(srcdir)/'`tokens.c; \ 757+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo" "$(DEPDIR)/libxmlsec1_nss_la-tokens.Plo"; else rm -f "$(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo"; exit 1; fi 758+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tokens.c' object='libxmlsec1_nss_la-tokens.lo' libtool=yes @AMDEPBACKSLASH@ 759+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ 760+@am__fastdepCC_FALSE@ $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-tokens.lo `test -f 'tokens.c' || echo '$(srcdir)/'`tokens.c 761+ 762 libxmlsec1_nss_la-bignum.lo: bignum.c 763 @am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-bignum.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo -c -o libxmlsec1_nss_la-bignum.lo `test -f 'bignum.c' || echo '$(srcdir)/'`bignum.c 764 @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo $(DEPDIR)/libxmlsec1_nss_la-bignum.Plo 765--- misc/xmlsec1-1.2.14/src/nss/akmngr.c 2009-09-21 14:07:19.197249962 +0200 766+++ misc/build/xmlsec1-1.2.14/src/nss/akmngr.c 2009-09-21 14:02:48.539616129 +0200 767@@ -1 +1,384 @@ 768-dummy 769+/** 770+ * XMLSec library 771+ * 772+ * This is free software; see Copyright file in the source 773+ * distribution for preciese wording. 774+ * 775+ * Copyright......................... 776+ */ 777+#include "globals.h" 778+ 779+#include <nspr.h> 780+#include <nss.h> 781+#include <pk11func.h> 782+#include <cert.h> 783+#include <keyhi.h> 784+ 785+#include <xmlsec/xmlsec.h> 786+#include <xmlsec/keys.h> 787+#include <xmlsec/transforms.h> 788+#include <xmlsec/errors.h> 789+ 790+#include <xmlsec/nss/crypto.h> 791+#include <xmlsec/nss/tokens.h> 792+#include <xmlsec/nss/akmngr.h> 793+#include <xmlsec/nss/pkikeys.h> 794+#include <xmlsec/nss/ciphers.h> 795+#include <xmlsec/nss/keysstore.h> 796+ 797+/** 798+ * xmlSecNssAppliedKeysMngrCreate: 799+ * @slot: array of pointers to NSS PKCS#11 slot information. 800+ * @cSlots: number of slots in the array 801+ * @handler: the pointer to NSS certificate database. 802+ * 803+ * Create and load NSS crypto slot and certificate database into keys manager 804+ * 805+ * Returns keys manager pointer on success or NULL otherwise. 806+ */ 807+xmlSecKeysMngrPtr 808+xmlSecNssAppliedKeysMngrCreate( 809+ PK11SlotInfo** slots, 810+ int cSlots, 811+ CERTCertDBHandle* handler 812+) { 813+ xmlSecKeyDataStorePtr certStore = NULL ; 814+ xmlSecKeysMngrPtr keyMngr = NULL ; 815+ xmlSecKeyStorePtr keyStore = NULL ; 816+ int islot = 0; 817+ keyStore = xmlSecKeyStoreCreate( xmlSecNssKeysStoreId ) ; 818+ if( keyStore == NULL ) { 819+ xmlSecError( XMLSEC_ERRORS_HERE , 820+ NULL , 821+ "xmlSecKeyStoreCreate" , 822+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 823+ XMLSEC_ERRORS_NO_MESSAGE ) ; 824+ return NULL ; 825+ } 826+ 827+ for (islot = 0; islot < cSlots; islot++) 828+ { 829+ xmlSecNssKeySlotPtr keySlot ; 830+ 831+ /* Create a key slot */ 832+ keySlot = xmlSecNssKeySlotCreate() ; 833+ if( keySlot == NULL ) { 834+ xmlSecError( XMLSEC_ERRORS_HERE , 835+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , 836+ "xmlSecNssKeySlotCreate" , 837+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 838+ XMLSEC_ERRORS_NO_MESSAGE ) ; 839+ 840+ xmlSecKeyStoreDestroy( keyStore ) ; 841+ return NULL ; 842+ } 843+ 844+ /* Set slot */ 845+ if( xmlSecNssKeySlotSetSlot( keySlot , slots[islot] ) < 0 ) { 846+ xmlSecError( XMLSEC_ERRORS_HERE , 847+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , 848+ "xmlSecNssKeySlotSetSlot" , 849+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 850+ XMLSEC_ERRORS_NO_MESSAGE ) ; 851+ 852+ xmlSecKeyStoreDestroy( keyStore ) ; 853+ xmlSecNssKeySlotDestroy( keySlot ) ; 854+ return NULL ; 855+ } 856+ 857+ /* Adopt keySlot */ 858+ if( xmlSecNssKeysStoreAdoptKeySlot( keyStore , keySlot ) < 0 ) { 859+ xmlSecError( XMLSEC_ERRORS_HERE , 860+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , 861+ "xmlSecNssKeysStoreAdoptKeySlot" , 862+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 863+ XMLSEC_ERRORS_NO_MESSAGE ) ; 864+ 865+ xmlSecKeyStoreDestroy( keyStore ) ; 866+ xmlSecNssKeySlotDestroy( keySlot ) ; 867+ return NULL ; 868+ } 869+ } 870+ 871+ keyMngr = xmlSecKeysMngrCreate() ; 872+ if( keyMngr == NULL ) { 873+ xmlSecError( XMLSEC_ERRORS_HERE , 874+ NULL , 875+ "xmlSecKeysMngrCreate" , 876+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 877+ XMLSEC_ERRORS_NO_MESSAGE ) ; 878+ 879+ xmlSecKeyStoreDestroy( keyStore ) ; 880+ return NULL ; 881+ } 882+ 883+ /*- 884+ * Add key store to manager, from now on keys manager destroys the store if 885+ * needed 886+ */ 887+ if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) { 888+ xmlSecError( XMLSEC_ERRORS_HERE , 889+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , 890+ "xmlSecKeysMngrAdoptKeyStore" , 891+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 892+ XMLSEC_ERRORS_NO_MESSAGE ) ; 893+ 894+ xmlSecKeyStoreDestroy( keyStore ) ; 895+ xmlSecKeysMngrDestroy( keyMngr ) ; 896+ return NULL ; 897+ } 898+ 899+ /*- 900+ * Initialize crypto library specific data in keys manager 901+ */ 902+ if( xmlSecNssKeysMngrInit( keyMngr ) < 0 ) { 903+ xmlSecError( XMLSEC_ERRORS_HERE , 904+ NULL , 905+ "xmlSecKeysMngrCreate" , 906+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 907+ XMLSEC_ERRORS_NO_MESSAGE ) ; 908+ 909+ xmlSecKeysMngrDestroy( keyMngr ) ; 910+ return NULL ; 911+ } 912+ 913+ /*- 914+ * Set certificate databse to X509 key data store 915+ */ 916+ /** 917+ * Because Tej's implementation of certDB use the default DB, so I ignore 918+ * the certDB handler at present. I'll modify the cert store sources to 919+ * accept particular certDB instead of default ones. 920+ certStore = xmlSecKeysMngrGetDataStore( keyMngr , xmlSecNssKeyDataStoreX509Id ) ; 921+ if( certStore == NULL ) { 922+ xmlSecError( XMLSEC_ERRORS_HERE , 923+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , 924+ "xmlSecKeysMngrGetDataStore" , 925+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 926+ XMLSEC_ERRORS_NO_MESSAGE ) ; 927+ 928+ xmlSecKeysMngrDestroy( keyMngr ) ; 929+ return NULL ; 930+ } 931+ 932+ if( xmlSecNssKeyDataStoreX509SetCertDb( certStore , handler ) < 0 ) { 933+ xmlSecError( XMLSEC_ERRORS_HERE , 934+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , 935+ "xmlSecNssKeyDataStoreX509SetCertDb" , 936+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 937+ XMLSEC_ERRORS_NO_MESSAGE ) ; 938+ 939+ xmlSecKeysMngrDestroy( keyMngr ) ; 940+ return NULL ; 941+ } 942+ */ 943+ 944+ /*- 945+ * Set the getKey callback 946+ */ 947+ keyMngr->getKey = xmlSecKeysMngrGetKey ; 948+ 949+ return keyMngr ; 950+} 951+ 952+int 953+xmlSecNssAppliedKeysMngrSymKeyLoad( 954+ xmlSecKeysMngrPtr mngr , 955+ PK11SymKey* symKey 956+) { 957+ xmlSecKeyPtr key ; 958+ xmlSecKeyDataPtr data ; 959+ xmlSecKeyStorePtr keyStore ; 960+ 961+ xmlSecAssert2( mngr != NULL , -1 ) ; 962+ xmlSecAssert2( symKey != NULL , -1 ) ; 963+ 964+ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ; 965+ if( keyStore == NULL ) { 966+ xmlSecError( XMLSEC_ERRORS_HERE , 967+ NULL , 968+ "xmlSecKeysMngrGetKeysStore" , 969+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 970+ XMLSEC_ERRORS_NO_MESSAGE ) ; 971+ return(-1) ; 972+ } 973+ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ; 974+ 975+ data = xmlSecNssSymKeyDataKeyAdopt( symKey ) ; 976+ if( data == NULL ) { 977+ xmlSecError( XMLSEC_ERRORS_HERE , 978+ NULL , 979+ "xmlSecNssSymKeyDataKeyAdopt" , 980+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 981+ XMLSEC_ERRORS_NO_MESSAGE ) ; 982+ return(-1) ; 983+ } 984+ 985+ key = xmlSecKeyCreate() ; 986+ if( key == NULL ) { 987+ xmlSecError( XMLSEC_ERRORS_HERE , 988+ NULL , 989+ "xmlSecNssSymKeyDataKeyAdopt" , 990+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 991+ XMLSEC_ERRORS_NO_MESSAGE ) ; 992+ xmlSecKeyDataDestroy( data ) ; 993+ return(-1) ; 994+ } 995+ 996+ if( xmlSecKeySetValue( key , data ) < 0 ) { 997+ xmlSecError( XMLSEC_ERRORS_HERE , 998+ NULL , 999+ "xmlSecNssSymKeyDataKeyAdopt" , 1000+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1001+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1002+ xmlSecKeyDataDestroy( data ) ; 1003+ return(-1) ; 1004+ } 1005+ 1006+ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) { 1007+ xmlSecError( XMLSEC_ERRORS_HERE , 1008+ NULL , 1009+ "xmlSecNssSymKeyDataKeyAdopt" , 1010+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1011+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1012+ xmlSecKeyDestroy( key ) ; 1013+ return(-1) ; 1014+ } 1015+ 1016+ return(0) ; 1017+} 1018+ 1019+int 1020+xmlSecNssAppliedKeysMngrPubKeyLoad( 1021+ xmlSecKeysMngrPtr mngr , 1022+ SECKEYPublicKey* pubKey 1023+) { 1024+ xmlSecKeyPtr key ; 1025+ xmlSecKeyDataPtr data ; 1026+ xmlSecKeyStorePtr keyStore ; 1027+ 1028+ xmlSecAssert2( mngr != NULL , -1 ) ; 1029+ xmlSecAssert2( pubKey != NULL , -1 ) ; 1030+ 1031+ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ; 1032+ if( keyStore == NULL ) { 1033+ xmlSecError( XMLSEC_ERRORS_HERE , 1034+ NULL , 1035+ "xmlSecKeysMngrGetKeysStore" , 1036+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1037+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1038+ return(-1) ; 1039+ } 1040+ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ; 1041+ 1042+ data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ; 1043+ if( data == NULL ) { 1044+ xmlSecError( XMLSEC_ERRORS_HERE , 1045+ NULL , 1046+ "xmlSecNssPKIAdoptKey" , 1047+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1048+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1049+ return(-1) ; 1050+ } 1051+ 1052+ key = xmlSecKeyCreate() ; 1053+ if( key == NULL ) { 1054+ xmlSecError( XMLSEC_ERRORS_HERE , 1055+ NULL , 1056+ "xmlSecNssSymKeyDataKeyAdopt" , 1057+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1058+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1059+ xmlSecKeyDataDestroy( data ) ; 1060+ return(-1) ; 1061+ } 1062+ 1063+ if( xmlSecKeySetValue( key , data ) < 0 ) { 1064+ xmlSecError( XMLSEC_ERRORS_HERE , 1065+ NULL , 1066+ "xmlSecNssSymKeyDataKeyAdopt" , 1067+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1068+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1069+ xmlSecKeyDataDestroy( data ) ; 1070+ return(-1) ; 1071+ } 1072+ 1073+ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) { 1074+ xmlSecError( XMLSEC_ERRORS_HERE , 1075+ NULL , 1076+ "xmlSecNssSymKeyDataKeyAdopt" , 1077+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1078+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1079+ xmlSecKeyDestroy( key ) ; 1080+ return(-1) ; 1081+ } 1082+ 1083+ return(0) ; 1084+} 1085+ 1086+int 1087+xmlSecNssAppliedKeysMngrPriKeyLoad( 1088+ xmlSecKeysMngrPtr mngr , 1089+ SECKEYPrivateKey* priKey 1090+) { 1091+ xmlSecKeyPtr key ; 1092+ xmlSecKeyDataPtr data ; 1093+ xmlSecKeyStorePtr keyStore ; 1094+ 1095+ xmlSecAssert2( mngr != NULL , -1 ) ; 1096+ xmlSecAssert2( priKey != NULL , -1 ) ; 1097+ 1098+ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ; 1099+ if( keyStore == NULL ) { 1100+ xmlSecError( XMLSEC_ERRORS_HERE , 1101+ NULL , 1102+ "xmlSecKeysMngrGetKeysStore" , 1103+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1104+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1105+ return(-1) ; 1106+ } 1107+ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ; 1108+ 1109+ data = xmlSecNssPKIAdoptKey( priKey, NULL ) ; 1110+ if( data == NULL ) { 1111+ xmlSecError( XMLSEC_ERRORS_HERE , 1112+ NULL , 1113+ "xmlSecNssPKIAdoptKey" , 1114+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1115+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1116+ return(-1) ; 1117+ } 1118+ 1119+ key = xmlSecKeyCreate() ; 1120+ if( key == NULL ) { 1121+ xmlSecError( XMLSEC_ERRORS_HERE , 1122+ NULL , 1123+ "xmlSecNssSymKeyDataKeyAdopt" , 1124+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1125+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1126+ xmlSecKeyDataDestroy( data ) ; 1127+ return(-1) ; 1128+ } 1129+ 1130+ if( xmlSecKeySetValue( key , data ) < 0 ) { 1131+ xmlSecError( XMLSEC_ERRORS_HERE , 1132+ NULL , 1133+ "xmlSecNssSymKeyDataKeyAdopt" , 1134+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1135+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1136+ xmlSecKeyDataDestroy( data ) ; 1137+ return(-1) ; 1138+ } 1139+ 1140+ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) { 1141+ xmlSecError( XMLSEC_ERRORS_HERE , 1142+ NULL , 1143+ "xmlSecNssSymKeyDataKeyAdopt" , 1144+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1145+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1146+ xmlSecKeyDestroy( key ) ; 1147+ return(-1) ; 1148+ } 1149+ 1150+ return(0) ; 1151+} 1152+ 1153--- misc/xmlsec1-1.2.14/src/nss/hmac.c 2009-06-26 06:18:13.000000000 +0200 1154+++ misc/build/xmlsec1-1.2.14/src/nss/hmac.c 2009-09-21 14:02:48.649065288 +0200 1155@@ -23,8 +23,8 @@ 1156 #include <xmlsec/transforms.h> 1157 #include <xmlsec/errors.h> 1158 1159-#include <xmlsec/nss/app.h> 1160 #include <xmlsec/nss/crypto.h> 1161+#include <xmlsec/nss/tokens.h> 1162 1163 /* sizes in bits */ 1164 #define XMLSEC_NSS_MIN_HMAC_SIZE 80 1165@@ -286,13 +286,13 @@ 1166 keyItem.data = xmlSecBufferGetData(buffer); 1167 keyItem.len = xmlSecBufferGetSize(buffer); 1168 1169- slot = PK11_GetBestSlot(ctx->digestType, NULL); 1170+ slot = xmlSecNssSlotGet(ctx->digestType); 1171 if(slot == NULL) { 1172 xmlSecError(XMLSEC_ERRORS_HERE, 1173 xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), 1174- "PK11_GetBestSlot", 1175+ "xmlSecNssSlotGet", 1176 XMLSEC_ERRORS_R_CRYPTO_FAILED, 1177- XMLSEC_ERRORS_NO_MESSAGE); 1178+ "error code=%d", PORT_GetError()); 1179 return(-1); 1180 } 1181 1182--- misc/xmlsec1-1.2.14/src/nss/keysstore.c 2009-06-25 22:53:18.000000000 +0200 1183+++ misc/build/xmlsec1-1.2.14/src/nss/keysstore.c 2009-09-21 14:02:48.633533885 +0200 1184@@ -1,36 +1,56 @@ 1185 /** 1186 * XMLSec library 1187 * 1188- * Nss keys store that uses Simple Keys Store under the hood. Uses the 1189- * Nss DB as a backing store for the finding keys, but the NSS DB is 1190- * not written to by the keys store. 1191- * So, if store->findkey is done and the key is not found in the simple 1192- * keys store, the NSS DB is looked up. 1193- * If store is called to adopt a key, that key is not written to the NSS 1194- * DB. 1195- * Thus, the NSS DB can be used to pre-load keys and becomes an alternate 1196- * source of keys for xmlsec 1197- * 1198 * This is free software; see Copyright file in the source 1199 * distribution for precise wording. 1200 * 1201 * Copyright (c) 2003 America Online, Inc. All rights reserved. 1202 */ 1203+ 1204+/** 1205+ * NSS key store uses a key list and a slot list as the key repository. NSS slot 1206+ * list is a backup repository for the finding keys. If a key is not found from 1207+ * the key list, the NSS slot list is looked up. 1208+ * 1209+ * Any key in the key list will not save to pkcs11 slot. When a store to called 1210+ * to adopt a key, the key is resident in the key list; While a store to called 1211+ * to set a is resident in the key list; While a store to called to set a slot 1212+ * list, which means that the keys in the listed slot can be used for xml sign- 1213+ * nature or encryption. 1214+ * 1215+ * Then, a user can adjust slot list to effect the crypto behaviors of xmlSec. 1216+ * 1217+ * The framework will decrease the user interfaces to administrate xmlSec crypto 1218+ * engine. He can only focus on NSS layer functions. For examples, after the 1219+ * user set up a slot list handler to the keys store, he do not need to do any 1220+ * other work atop xmlSec interfaces, his action on the slot list handler, such 1221+ * as add a token to, delete a token from the list, will directly effect the key 1222+ * store behaviors. 1223+ * 1224+ * For example, a scenariio: 1225+ * 0. Create a slot list;( NSS interfaces ) 1226+ * 1. Create a keys store;( xmlSec interfaces ) 1227+ * 2. Set slot list with the keys store;( xmlSec Interfaces ) 1228+ * 3. Add a slot to the slot list;( NSS interfaces ) 1229+ * 4. Perform xml signature; ( xmlSec Interfaces ) 1230+ * 5. Deleter a slot from the slot list;( NSS interfaces ) 1231+ * 6. Perform xml encryption; ( xmlSec Interfaces ) 1232+ * 7. Perform xml signature;( xmlSec Interfaces ) 1233+ * 8. Destroy the keys store;( xmlSec Interfaces ) 1234+ * 8. Destroy the slot list.( NSS Interfaces ) 1235+ */ 1236 #include "globals.h" 1237 1238 #include <stdlib.h> 1239 #include <string.h> 1240 1241 #include <nss.h> 1242-#include <cert.h> 1243 #include <pk11func.h> 1244+#include <prinit.h> 1245 #include <keyhi.h> 1246 1247-#include <libxml/tree.h> 1248- 1249 #include <xmlsec/xmlsec.h> 1250-#include <xmlsec/buffer.h> 1251-#include <xmlsec/base64.h> 1252+#include <xmlsec/keys.h> 1253 #include <xmlsec/errors.h> 1254 #include <xmlsec/xmltree.h> 1255 1256@@ -38,82 +58,461 @@ 1257 1258 #include <xmlsec/nss/crypto.h> 1259 #include <xmlsec/nss/keysstore.h> 1260-#include <xmlsec/nss/x509.h> 1261+#include <xmlsec/nss/tokens.h> 1262+#include <xmlsec/nss/ciphers.h> 1263 #include <xmlsec/nss/pkikeys.h> 1264 1265 /**************************************************************************** 1266 * 1267- * Nss Keys Store. Uses Simple Keys Store under the hood 1268+ * Internal NSS key store context 1269 * 1270- * Simple Keys Store ptr is located after xmlSecKeyStore 1271+ * This context is located after xmlSecKeyStore 1272 * 1273 ***************************************************************************/ 1274+typedef struct _xmlSecNssKeysStoreCtx xmlSecNssKeysStoreCtx ; 1275+typedef struct _xmlSecNssKeysStoreCtx* xmlSecNssKeysStoreCtxPtr ; 1276+ 1277+struct _xmlSecNssKeysStoreCtx { 1278+ xmlSecPtrListPtr keyList ; 1279+ xmlSecPtrListPtr slotList ; 1280+} ; 1281+ 1282 #define xmlSecNssKeysStoreSize \ 1283- (sizeof(xmlSecKeyStore) + sizeof(xmlSecKeyStorePtr)) 1284+ ( sizeof( xmlSecKeyStore ) + sizeof( xmlSecNssKeysStoreCtx ) ) 1285 1286-#define xmlSecNssKeysStoreGetSS(store) \ 1287- ((xmlSecKeyStoreCheckSize((store), xmlSecNssKeysStoreSize)) ? \ 1288- (xmlSecKeyStorePtr*)(((xmlSecByte*)(store)) + sizeof(xmlSecKeyStore)) : \ 1289- (xmlSecKeyStorePtr*)NULL) 1290- 1291-static int xmlSecNssKeysStoreInitialize (xmlSecKeyStorePtr store); 1292-static void xmlSecNssKeysStoreFinalize (xmlSecKeyStorePtr store); 1293-static xmlSecKeyPtr xmlSecNssKeysStoreFindKey (xmlSecKeyStorePtr store, 1294- const xmlChar* name, 1295- xmlSecKeyInfoCtxPtr keyInfoCtx); 1296+#define xmlSecNssKeysStoreGetCtx( data ) \ 1297+ ( ( xmlSecNssKeysStoreCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyStore ) ) ) 1298 1299-static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = { 1300- sizeof(xmlSecKeyStoreKlass), 1301- xmlSecNssKeysStoreSize, 1302+int xmlSecNssKeysStoreAdoptKeySlot( 1303+ xmlSecKeyStorePtr store , 1304+ xmlSecNssKeySlotPtr keySlot 1305+) { 1306+ xmlSecNssKeysStoreCtxPtr context = NULL ; 1307+ 1308+ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ; 1309+ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ; 1310+ context = xmlSecNssKeysStoreGetCtx( store ) ; 1311+ if( context == NULL ) { 1312+ xmlSecError( XMLSEC_ERRORS_HERE , 1313+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , 1314+ "xmlSecNssKeysStoreGetCtx" , 1315+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1316+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1317+ return -1 ; 1318+ } 1319+ 1320+ if( context->slotList == NULL ) { 1321+ if( ( context->slotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ) == NULL ) { 1322+ xmlSecError( XMLSEC_ERRORS_HERE , 1323+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , 1324+ "xmlSecPtrListCreate" , 1325+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1326+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1327+ return -1 ; 1328+ } 1329+ } 1330+ 1331+ if( !xmlSecPtrListCheckId( context->slotList , xmlSecNssKeySlotListId ) ) { 1332+ xmlSecError( XMLSEC_ERRORS_HERE , 1333+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , 1334+ "xmlSecPtrListCheckId" , 1335+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1336+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1337+ return -1 ; 1338+ } 1339+ 1340+ if( xmlSecPtrListAdd( context->slotList , keySlot ) < 0 ) { 1341+ xmlSecError( XMLSEC_ERRORS_HERE , 1342+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , 1343+ "xmlSecPtrListAdd" , 1344+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1345+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1346+ return -1 ; 1347+ } 1348+ return 0 ; 1349+} 1350 1351- /* data */ 1352- BAD_CAST "NSS-keys-store", /* const xmlChar* name; */ 1353- 1354- /* constructors/destructor */ 1355- xmlSecNssKeysStoreInitialize, /* xmlSecKeyStoreInitializeMethod initialize; */ 1356- xmlSecNssKeysStoreFinalize, /* xmlSecKeyStoreFinalizeMethod finalize; */ 1357- xmlSecNssKeysStoreFindKey, /* xmlSecKeyStoreFindKeyMethod findKey; */ 1358- 1359- /* reserved for the future */ 1360- NULL, /* void* reserved0; */ 1361- NULL, /* void* reserved1; */ 1362-}; 1363+int xmlSecNssKeysStoreAdoptKey( 1364+ xmlSecKeyStorePtr store , 1365+ xmlSecKeyPtr key 1366+) { 1367+ xmlSecNssKeysStoreCtxPtr context = NULL ; 1368+ 1369+ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ; 1370+ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ; 1371+ 1372+ context = xmlSecNssKeysStoreGetCtx( store ) ; 1373+ if( context == NULL ) { 1374+ xmlSecError( XMLSEC_ERRORS_HERE , 1375+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , 1376+ "xmlSecNssKeysStoreGetCtx" , 1377+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1378+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1379+ return -1 ; 1380+ } 1381+ 1382+ if( context->keyList == NULL ) { 1383+ if( ( context->keyList = xmlSecPtrListCreate( xmlSecKeyPtrListId ) ) == NULL ) { 1384+ xmlSecError( XMLSEC_ERRORS_HERE , 1385+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , 1386+ "xmlSecPtrListCreate" , 1387+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1388+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1389+ return -1 ; 1390+ } 1391+ } 1392+ 1393+ if( !xmlSecPtrListCheckId( context->keyList , xmlSecKeyPtrListId ) ) { 1394+ xmlSecError( XMLSEC_ERRORS_HERE , 1395+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , 1396+ "xmlSecPtrListCheckId" , 1397+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1398+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1399+ return -1 ; 1400+ } 1401+ 1402+ if( xmlSecPtrListAdd( context->keyList , key ) < 0 ) { 1403+ xmlSecError( XMLSEC_ERRORS_HERE , 1404+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , 1405+ "xmlSecPtrListAdd" , 1406+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1407+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1408+ return -1 ; 1409+ } 1410 1411-/** 1412- * xmlSecNssKeysStoreGetKlass: 1413- * 1414- * The Nss list based keys store klass. 1415+ return 0 ; 1416+} 1417+ 1418+/* 1419+ * xmlSecKeyStoreInitializeMethod: 1420+ * @store: the store. 1421+ * 1422+ * Keys store specific initialization method. 1423 * 1424- * Returns: Nss list based keys store klass. 1425+ * Returns 0 on success or a negative value if an error occurs. 1426 */ 1427-xmlSecKeyStoreId 1428-xmlSecNssKeysStoreGetKlass(void) { 1429- return(&xmlSecNssKeysStoreKlass); 1430+static int 1431+xmlSecNssKeysStoreInitialize( 1432+ xmlSecKeyStorePtr store 1433+) { 1434+ xmlSecNssKeysStoreCtxPtr context = NULL ; 1435+ 1436+ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ; 1437+ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ; 1438+ 1439+ context = xmlSecNssKeysStoreGetCtx( store ) ; 1440+ if( context == NULL ) { 1441+ xmlSecError( XMLSEC_ERRORS_HERE , 1442+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , 1443+ "xmlSecNssKeysStoreGetCtx" , 1444+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1445+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1446+ return -1 ; 1447+ } 1448+ 1449+ context->keyList = NULL ; 1450+ context->slotList = NULL ; 1451+ 1452+ return 0 ; 1453 } 1454 1455 /** 1456- * xmlSecNssKeysStoreAdoptKey: 1457- * @store: the pointer to Nss keys store. 1458- * @key: the pointer to key. 1459- * 1460- * Adds @key to the @store. 1461 * 1462- * Returns: 0 on success or a negative value if an error occurs. 1463+ * xmlSecKeyStoreFinalizeMethod: 1464+ * @store: the store. 1465+ * 1466+ * Keys store specific finalization (destroy) method. 1467 */ 1468-int 1469-xmlSecNssKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) { 1470- xmlSecKeyStorePtr *ss; 1471- 1472- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1); 1473- xmlSecAssert2((key != NULL), -1); 1474+void 1475+xmlSecNssKeysStoreFinalize( 1476+ xmlSecKeyStorePtr store 1477+) { 1478+ xmlSecNssKeysStoreCtxPtr context = NULL ; 1479+ 1480+ xmlSecAssert( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) ) ; 1481+ xmlSecAssert( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) ) ; 1482+ 1483+ context = xmlSecNssKeysStoreGetCtx( store ) ; 1484+ if( context == NULL ) { 1485+ xmlSecError( XMLSEC_ERRORS_HERE , 1486+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , 1487+ "xmlSecNssKeysStoreGetCtx" , 1488+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1489+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1490+ return ; 1491+ } 1492+ 1493+ if( context->keyList != NULL ) { 1494+ xmlSecPtrListDestroy( context->keyList ) ; 1495+ context->keyList = NULL ; 1496+ } 1497+ 1498+ if( context->slotList != NULL ) { 1499+ xmlSecPtrListDestroy( context->slotList ) ; 1500+ context->slotList = NULL ; 1501+ } 1502+} 1503+ 1504+xmlSecKeyPtr 1505+xmlSecNssKeysStoreFindKeyFromSlot( 1506+ PK11SlotInfo* slot, 1507+ const xmlChar* name, 1508+ xmlSecKeyInfoCtxPtr keyInfoCtx 1509+) { 1510+ xmlSecKeyPtr key = NULL ; 1511+ xmlSecKeyDataPtr data = NULL ; 1512+ int length ; 1513+ 1514+ xmlSecAssert2( slot != NULL , NULL ) ; 1515+ xmlSecAssert2( name != NULL , NULL ) ; 1516+ xmlSecAssert2( keyInfoCtx != NULL , NULL ) ; 1517+ 1518+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSymmetric ) == xmlSecKeyDataTypeSymmetric ) { 1519+ PK11SymKey* symKey ; 1520+ PK11SymKey* curKey ; 1521+ 1522+ /* Find symmetric key from the slot by name */ 1523+ symKey = PK11_ListFixedKeysInSlot( slot , ( char* )name , NULL ) ; 1524+ for( curKey = symKey ; curKey != NULL ; curKey = PK11_GetNextSymKey( curKey ) ) { 1525+ /* Check the key request */ 1526+ length = PK11_GetKeyLength( curKey ) ; 1527+ length *= 8 ; 1528+ if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) && 1529+ ( length > 0 ) && 1530+ ( length < keyInfoCtx->keyReq.keyBitsSize ) ) 1531+ continue ; 1532+ 1533+ /* We find a eligible key */ 1534+ data = xmlSecNssSymKeyDataKeyAdopt( curKey ) ; 1535+ if( data == NULL ) { 1536+ /* Do nothing */ 1537+ } 1538+ break ; 1539+ } 1540+ 1541+ /* Destroy the sym key list */ 1542+ for( curKey = symKey ; curKey != NULL ; ) { 1543+ symKey = curKey ; 1544+ curKey = PK11_GetNextSymKey( symKey ) ; 1545+ PK11_FreeSymKey( symKey ) ; 1546+ } 1547+ } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) { 1548+ SECKEYPublicKeyList* pubKeyList ; 1549+ SECKEYPublicKey* pubKey ; 1550+ SECKEYPublicKeyListNode* curPub ; 1551+ 1552+ /* Find asymmetric key from the slot by name */ 1553+ pubKeyList = PK11_ListPublicKeysInSlot( slot , ( char* )name ) ; 1554+ pubKey = NULL ; 1555+ curPub = PUBKEY_LIST_HEAD(pubKeyList); 1556+ for( ; !PUBKEY_LIST_END(curPub, pubKeyList) ; curPub = PUBKEY_LIST_NEXT( curPub ) ) { 1557+ /* Check the key request */ 1558+ length = SECKEY_PublicKeyStrength( curPub->key ) ; 1559+ length *= 8 ; 1560+ if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) && 1561+ ( length > 0 ) && 1562+ ( length < keyInfoCtx->keyReq.keyBitsSize ) ) 1563+ continue ; 1564+ 1565+ /* We find a eligible key */ 1566+ pubKey = curPub->key ; 1567+ break ; 1568+ } 1569+ 1570+ if( pubKey != NULL ) { 1571+ data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ; 1572+ if( data == NULL ) { 1573+ /* Do nothing */ 1574+ } 1575+ } 1576+ 1577+ /* Destroy the public key list */ 1578+ SECKEY_DestroyPublicKeyList( pubKeyList ) ; 1579+ } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) { 1580+ SECKEYPrivateKeyList* priKeyList = NULL ; 1581+ SECKEYPrivateKey* priKey = NULL ; 1582+ SECKEYPrivateKeyListNode* curPri ; 1583+ 1584+ /* Find asymmetric key from the slot by name */ 1585+ priKeyList = PK11_ListPrivKeysInSlot( slot , ( char* )name , NULL ) ; 1586+ priKey = NULL ; 1587+ curPri = PRIVKEY_LIST_HEAD(priKeyList); 1588+ for( ; !PRIVKEY_LIST_END(curPri, priKeyList) ; curPri = PRIVKEY_LIST_NEXT( curPri ) ) { 1589+ /* Check the key request */ 1590+ length = PK11_SignatureLen( curPri->key ) ; 1591+ length *= 8 ; 1592+ if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) && 1593+ ( length > 0 ) && 1594+ ( length < keyInfoCtx->keyReq.keyBitsSize ) ) 1595+ continue ; 1596+ 1597+ /* We find a eligible key */ 1598+ priKey = curPri->key ; 1599+ break ; 1600+ } 1601+ 1602+ if( priKey != NULL ) { 1603+ data = xmlSecNssPKIAdoptKey( priKey, NULL ) ; 1604+ if( data == NULL ) { 1605+ /* Do nothing */ 1606+ } 1607+ } 1608+ 1609+ /* Destroy the private key list */ 1610+ SECKEY_DestroyPrivateKeyList( priKeyList ) ; 1611+ } 1612+ 1613+ /* If we have gotten the key value */ 1614+ if( data != NULL ) { 1615+ if( ( key = xmlSecKeyCreate() ) == NULL ) { 1616+ xmlSecError( XMLSEC_ERRORS_HERE , 1617+ NULL , 1618+ "xmlSecKeyCreate" , 1619+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1620+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1621+ 1622+ xmlSecKeyDataDestroy( data ) ; 1623+ return NULL ; 1624+ } 1625+ 1626+ if( xmlSecKeySetValue( key , data ) < 0 ) { 1627+ xmlSecError( XMLSEC_ERRORS_HERE , 1628+ NULL , 1629+ "xmlSecKeySetValue" , 1630+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1631+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1632+ 1633+ xmlSecKeyDestroy( key ) ; 1634+ xmlSecKeyDataDestroy( data ) ; 1635+ return NULL ; 1636+ } 1637+ } 1638 1639- ss = xmlSecNssKeysStoreGetSS(store); 1640- xmlSecAssert2(((ss != NULL) && (*ss != NULL) && 1641- (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1); 1642+ return(key); 1643+} 1644+ 1645+/** 1646+ * xmlSecKeyStoreFindKeyMethod: 1647+ * @store: the store. 1648+ * @name: the desired key name. 1649+ * @keyInfoCtx: the pointer to key info context. 1650+ * 1651+ * Keys store specific find method. The caller is responsible for destroying 1652+ * the returned key using #xmlSecKeyDestroy method. 1653+ * 1654+ * Returns the pointer to a key or NULL if key is not found or an error occurs. 1655+ */ 1656+static xmlSecKeyPtr 1657+xmlSecNssKeysStoreFindKey( 1658+ xmlSecKeyStorePtr store , 1659+ const xmlChar* name , 1660+ xmlSecKeyInfoCtxPtr keyInfoCtx 1661+) { 1662+ xmlSecNssKeysStoreCtxPtr context = NULL ; 1663+ xmlSecKeyPtr key = NULL ; 1664+ xmlSecNssKeySlotPtr keySlot = NULL ; 1665+ xmlSecSize pos ; 1666+ xmlSecSize size ; 1667+ 1668+ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , NULL ) ; 1669+ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , NULL ) ; 1670+ xmlSecAssert2( keyInfoCtx != NULL , NULL ) ; 1671+ 1672+ context = xmlSecNssKeysStoreGetCtx( store ) ; 1673+ if( context == NULL ) { 1674+ xmlSecError( XMLSEC_ERRORS_HERE , 1675+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , 1676+ "xmlSecNssKeysStoreGetCtx" , 1677+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1678+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1679+ return NULL ; 1680+ } 1681+ 1682+ /*- 1683+ * Look for key at keyList at first. 1684+ */ 1685+ if( context->keyList != NULL ) { 1686+ size = xmlSecPtrListGetSize( context->keyList ) ; 1687+ for( pos = 0 ; pos < size ; pos ++ ) { 1688+ key = ( xmlSecKeyPtr )xmlSecPtrListGetItem( context->keyList , pos ) ; 1689+ if( key != NULL && xmlSecKeyMatch( key , name , &( keyInfoCtx->keyReq ) ) ) { 1690+ return xmlSecKeyDuplicate( key ) ; 1691+ } 1692+ } 1693+ } 1694+ 1695+ /*- 1696+ * Find the key from slotList 1697+ */ 1698+ if( context->slotList != NULL ) { 1699+ PK11SlotInfo* slot = NULL ; 1700+ 1701+ size = xmlSecPtrListGetSize( context->slotList ) ; 1702+ for( pos = 0 ; pos < size ; pos ++ ) { 1703+ keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( context->slotList , pos ) ; 1704+ slot = xmlSecNssKeySlotGetSlot( keySlot ) ; 1705+ if( slot == NULL ) { 1706+ continue ; 1707+ } else { 1708+ key = xmlSecNssKeysStoreFindKeyFromSlot( slot, name, keyInfoCtx ) ; 1709+ if( key == NULL ) { 1710+ continue ; 1711+ } else { 1712+ return( key ) ; 1713+ } 1714+ } 1715+ } 1716+ } 1717+ 1718+ /*- 1719+ * Create a session key if we can not find the key from keyList and slotList 1720+ */ 1721+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSession ) == xmlSecKeyDataTypeSession ) { 1722+ key = xmlSecKeyGenerate( keyInfoCtx->keyReq.keyId , keyInfoCtx->keyReq.keyBitsSize , xmlSecKeyDataTypeSession ) ; 1723+ if( key == NULL ) { 1724+ xmlSecError( XMLSEC_ERRORS_HERE , 1725+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , 1726+ "xmlSecKeySetValue" , 1727+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 1728+ XMLSEC_ERRORS_NO_MESSAGE ) ; 1729+ return NULL ; 1730+ } 1731+ 1732+ return key ; 1733+ } 1734+ 1735+ /** 1736+ * We have no way to find the key any more. 1737+ */ 1738+ return NULL ; 1739+} 1740+ 1741+static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = { 1742+ sizeof( xmlSecKeyStoreKlass ) , 1743+ xmlSecNssKeysStoreSize , 1744+ BAD_CAST "implicit_nss_keys_store" , 1745+ xmlSecNssKeysStoreInitialize , 1746+ xmlSecNssKeysStoreFinalize , 1747+ xmlSecNssKeysStoreFindKey , 1748+ NULL , 1749+ NULL 1750+} ; 1751 1752- return (xmlSecSimpleKeysStoreAdoptKey(*ss, key)); 1753+/** 1754+ * xmlSecNssKeysStoreGetKlass: 1755+ * 1756+ * The simple list based keys store klass. 1757+ * 1758+ */ 1759+xmlSecKeyStoreId 1760+xmlSecNssKeysStoreGetKlass( void ) { 1761+ return &xmlSecNssKeysStoreKlass ; 1762 } 1763 1764+/************************** 1765+ * Application routines 1766+ */ 1767+ 1768 /** 1769 * xmlSecNssKeysStoreLoad: 1770 * @store: the pointer to Nss keys store. 1771@@ -252,234 +651,147 @@ 1772 */ 1773 int 1774 xmlSecNssKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecKeyDataType type) { 1775- xmlSecKeyStorePtr *ss; 1776+ xmlSecKeyInfoCtx keyInfoCtx; 1777+ xmlSecNssKeysStoreCtxPtr context ; 1778+ xmlSecPtrListPtr list; 1779+ xmlSecKeyPtr key; 1780+ xmlSecSize i, keysSize; 1781+ xmlDocPtr doc; 1782+ xmlNodePtr cur; 1783+ xmlSecKeyDataPtr data; 1784+ xmlSecPtrListPtr idsList; 1785+ xmlSecKeyDataId dataId; 1786+ xmlSecSize idsSize, j; 1787+ int ret; 1788 1789 xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1); 1790- xmlSecAssert2((filename != NULL), -1); 1791- 1792- ss = xmlSecNssKeysStoreGetSS(store); 1793- xmlSecAssert2(((ss != NULL) && (*ss != NULL) && 1794- (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1); 1795- 1796- return (xmlSecSimpleKeysStoreSave(*ss, filename, type)); 1797-} 1798- 1799-static int 1800-xmlSecNssKeysStoreInitialize(xmlSecKeyStorePtr store) { 1801- xmlSecKeyStorePtr *ss; 1802+ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ), -1 ) ; 1803+ xmlSecAssert2(filename != NULL, -1); 1804 1805- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1); 1806+ context = xmlSecNssKeysStoreGetCtx( store ) ; 1807+ xmlSecAssert2( context != NULL, -1 ); 1808 1809- ss = xmlSecNssKeysStoreGetSS(store); 1810- xmlSecAssert2((*ss == NULL), -1); 1811+ list = context->keyList ; 1812+ xmlSecAssert2( list != NULL, -1 ); 1813+ xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyPtrListId), -1); 1814 1815- *ss = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId); 1816- if(*ss == NULL) { 1817- xmlSecError(XMLSEC_ERRORS_HERE, 1818+ /* create doc */ 1819+ doc = xmlSecCreateTree(BAD_CAST "Keys", xmlSecNs); 1820+ if(doc == NULL) { 1821+ xmlSecError(XMLSEC_ERRORS_HERE, 1822 xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), 1823- "xmlSecKeyStoreCreate", 1824+ "xmlSecCreateTree", 1825 XMLSEC_ERRORS_R_XMLSEC_FAILED, 1826- "xmlSecSimpleKeysStoreId"); 1827+ XMLSEC_ERRORS_NO_MESSAGE); 1828 return(-1); 1829 } 1830 1831- return(0); 1832-} 1833- 1834-static void 1835-xmlSecNssKeysStoreFinalize(xmlSecKeyStorePtr store) { 1836- xmlSecKeyStorePtr *ss; 1837- 1838- xmlSecAssert(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId)); 1839- 1840- ss = xmlSecNssKeysStoreGetSS(store); 1841- xmlSecAssert((ss != NULL) && (*ss != NULL)); 1842- 1843- xmlSecKeyStoreDestroy(*ss); 1844-} 1845- 1846-static xmlSecKeyPtr 1847-xmlSecNssKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name, 1848- xmlSecKeyInfoCtxPtr keyInfoCtx) { 1849- xmlSecKeyStorePtr* ss; 1850- xmlSecKeyPtr key = NULL; 1851- xmlSecKeyPtr retval = NULL; 1852- xmlSecKeyReqPtr keyReq = NULL; 1853- CERTCertificate *cert = NULL; 1854- SECKEYPublicKey *pubkey = NULL; 1855- SECKEYPrivateKey *privkey = NULL; 1856- xmlSecKeyDataPtr data = NULL; 1857- xmlSecKeyDataPtr x509Data = NULL; 1858- int ret; 1859- 1860- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), NULL); 1861- xmlSecAssert2(keyInfoCtx != NULL, NULL); 1862- 1863- ss = xmlSecNssKeysStoreGetSS(store); 1864- xmlSecAssert2(((ss != NULL) && (*ss != NULL)), NULL); 1865- 1866- key = xmlSecKeyStoreFindKey(*ss, name, keyInfoCtx); 1867- if (key != NULL) { 1868- return (key); 1869- } 1870- 1871- /* Try to find the key in the NSS DB, and construct an xmlSecKey. 1872- * we must have a name to lookup keys in NSS DB. 1873- */ 1874- if (name == NULL) { 1875- goto done; 1876- } 1877+ idsList = xmlSecKeyDataIdsGet(); 1878+ xmlSecAssert2(idsList != NULL, -1); 1879 1880- /* what type of key are we looking for? 1881- * TBD: For now, we'll look only for public/private keys using the 1882- * name as a cert nickname. Later on, we can attempt to find 1883- * symmetric keys using PK11_FindFixedKey 1884- */ 1885- keyReq = &(keyInfoCtx->keyReq); 1886- if (keyReq->keyType & 1887- (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) { 1888- cert = CERT_FindCertByNickname (CERT_GetDefaultCertDB(), (char *)name); 1889- if (cert == NULL) { 1890- goto done; 1891- } 1892+ keysSize = xmlSecPtrListGetSize(list); 1893+ idsSize = xmlSecPtrListGetSize(idsList); 1894+ for(i = 0; i < keysSize; ++i) { 1895+ key = (xmlSecKeyPtr)xmlSecPtrListGetItem(list, i); 1896+ xmlSecAssert2(key != NULL, -1); 1897 1898- if (keyReq->keyType & xmlSecKeyDataTypePublic) { 1899- pubkey = CERT_ExtractPublicKey(cert); 1900- if (pubkey == NULL) { 1901+ cur = xmlSecAddChild(xmlDocGetRootElement(doc), xmlSecNodeKeyInfo, xmlSecDSigNs); 1902+ if(cur == NULL) { 1903 xmlSecError(XMLSEC_ERRORS_HERE, 1904- NULL, 1905- "CERT_ExtractPublicKey", 1906- XMLSEC_ERRORS_R_CRYPTO_FAILED, 1907- XMLSEC_ERRORS_NO_MESSAGE); 1908- goto done; 1909- } 1910+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), 1911+ "xmlSecAddChild", 1912+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 1913+ "node=%s", 1914+ xmlSecErrorsSafeString(xmlSecNodeKeyInfo)); 1915+ xmlFreeDoc(doc); 1916+ return(-1); 1917 } 1918 1919- if (keyReq->keyType & xmlSecKeyDataTypePrivate) { 1920- privkey = PK11_FindKeyByAnyCert(cert, NULL); 1921- if (privkey == NULL) { 1922+ /* special data key name */ 1923+ if(xmlSecKeyGetName(key) != NULL) { 1924+ if(xmlSecAddChild(cur, xmlSecNodeKeyName, xmlSecDSigNs) == NULL) { 1925 xmlSecError(XMLSEC_ERRORS_HERE, 1926- NULL, 1927- "PK11_FindKeyByAnyCert", 1928- XMLSEC_ERRORS_R_CRYPTO_FAILED, 1929- XMLSEC_ERRORS_NO_MESSAGE); 1930- goto done; 1931+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), 1932+ "xmlSecAddChild", 1933+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 1934+ "node=%s", 1935+ xmlSecErrorsSafeString(xmlSecNodeKeyName)); 1936+ xmlFreeDoc(doc); 1937+ return(-1); 1938 } 1939 } 1940 1941- data = xmlSecNssPKIAdoptKey(privkey, pubkey); 1942- if(data == NULL) { 1943- xmlSecError(XMLSEC_ERRORS_HERE, 1944- NULL, 1945- "xmlSecNssPKIAdoptKey", 1946- XMLSEC_ERRORS_R_XMLSEC_FAILED, 1947- XMLSEC_ERRORS_NO_MESSAGE); 1948- goto done; 1949- } 1950- privkey = NULL; 1951- pubkey = NULL; 1952- 1953- key = xmlSecKeyCreate(); 1954- if (key == NULL) { 1955- xmlSecError(XMLSEC_ERRORS_HERE, 1956- NULL, 1957- "xmlSecKeyCreate", 1958- XMLSEC_ERRORS_R_XMLSEC_FAILED, 1959- XMLSEC_ERRORS_NO_MESSAGE); 1960- return (NULL); 1961- } 1962- 1963- x509Data = xmlSecKeyDataCreate(xmlSecNssKeyDataX509Id); 1964- if(x509Data == NULL) { 1965- xmlSecError(XMLSEC_ERRORS_HERE, 1966- NULL, 1967- "xmlSecKeyDataCreate", 1968- XMLSEC_ERRORS_R_XMLSEC_FAILED, 1969- "transform=%s", 1970- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id))); 1971- goto done; 1972- } 1973+ /* create nodes for other keys data */ 1974+ for(j = 0; j < idsSize; ++j) { 1975+ dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(idsList, j); 1976+ xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, -1); 1977+ 1978+ if(dataId->dataNodeName == NULL) { 1979+ continue; 1980+ } 1981+ 1982+ data = xmlSecKeyGetData(key, dataId); 1983+ if(data == NULL) { 1984+ continue; 1985+ } 1986 1987- ret = xmlSecNssKeyDataX509AdoptKeyCert(x509Data, cert); 1988- if (ret < 0) { 1989- xmlSecError(XMLSEC_ERRORS_HERE, 1990- NULL, 1991- "xmlSecNssKeyDataX509AdoptKeyCert", 1992- XMLSEC_ERRORS_R_XMLSEC_FAILED, 1993- "data=%s", 1994- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); 1995- goto done; 1996- } 1997- cert = CERT_DupCertificate(cert); 1998- if (cert == NULL) { 1999- xmlSecError(XMLSEC_ERRORS_HERE, 2000- NULL, 2001- "CERT_DupCertificate", 2002- XMLSEC_ERRORS_R_CRYPTO_FAILED, 2003- "data=%s", 2004- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); 2005- goto done; 2006+ if(xmlSecAddChild(cur, dataId->dataNodeName, dataId->dataNodeNs) == NULL) { 2007+ xmlSecError(XMLSEC_ERRORS_HERE, 2008+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), 2009+ "xmlSecAddChild", 2010+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 2011+ "node=%s", 2012+ xmlSecErrorsSafeString(dataId->dataNodeName)); 2013+ xmlFreeDoc(doc); 2014+ return(-1); 2015+ } 2016 } 2017 2018- ret = xmlSecNssKeyDataX509AdoptCert(x509Data, cert); 2019+ ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL); 2020 if (ret < 0) { 2021 xmlSecError(XMLSEC_ERRORS_HERE, 2022- NULL, 2023- "xmlSecNssKeyDataX509AdoptCert", 2024+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), 2025+ "xmlSecKeyInfoCtxInitialize", 2026 XMLSEC_ERRORS_R_XMLSEC_FAILED, 2027- "data=%s", 2028- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); 2029- goto done; 2030+ XMLSEC_ERRORS_NO_MESSAGE); 2031+ xmlFreeDoc(doc); 2032+ return(-1); 2033 } 2034- cert = NULL; 2035 2036- ret = xmlSecKeySetValue(key, data); 2037- if (ret < 0) { 2038- xmlSecError(XMLSEC_ERRORS_HERE, 2039- NULL, 2040- "xmlSecKeySetValue", 2041- XMLSEC_ERRORS_R_XMLSEC_FAILED, 2042- "data=%s", 2043- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data))); 2044- goto done; 2045- } 2046- data = NULL; 2047+ keyInfoCtx.mode = xmlSecKeyInfoModeWrite; 2048+ keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown; 2049+ keyInfoCtx.keyReq.keyType = type; 2050+ keyInfoCtx.keyReq.keyUsage = xmlSecKeyDataUsageAny; 2051 2052- ret = xmlSecKeyAdoptData(key, x509Data); 2053+ /* finally write key in the node */ 2054+ ret = xmlSecKeyInfoNodeWrite(cur, key, &keyInfoCtx); 2055 if (ret < 0) { 2056 xmlSecError(XMLSEC_ERRORS_HERE, 2057- NULL, 2058- "xmlSecKeyAdoptData", 2059+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), 2060+ "xmlSecKeyInfoNodeWrite", 2061 XMLSEC_ERRORS_R_XMLSEC_FAILED, 2062- "data=%s", 2063- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); 2064- goto done; 2065- } 2066- x509Data = NULL; 2067+ XMLSEC_ERRORS_NO_MESSAGE); 2068+ xmlSecKeyInfoCtxFinalize(&keyInfoCtx); 2069+ xmlFreeDoc(doc); 2070+ return(-1); 2071+ } 2072 2073- retval = key; 2074- key = NULL; 2075+ xmlSecKeyInfoCtxFinalize(&keyInfoCtx); 2076 } 2077 2078-done: 2079- if (cert != NULL) { 2080- CERT_DestroyCertificate(cert); 2081- } 2082- if (pubkey != NULL) { 2083- SECKEY_DestroyPublicKey(pubkey); 2084- } 2085- if (privkey != NULL) { 2086- SECKEY_DestroyPrivateKey(privkey); 2087- } 2088- if (data != NULL) { 2089- xmlSecKeyDataDestroy(data); 2090- } 2091- if (x509Data != NULL) { 2092- xmlSecKeyDataDestroy(x509Data); 2093- } 2094- if (key != NULL) { 2095- xmlSecKeyDestroy(key); 2096+ /* now write result */ 2097+ ret = xmlSaveFormatFile(filename, doc, 1); 2098+ if (ret < 0) { 2099+ xmlSecError(XMLSEC_ERRORS_HERE, 2100+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), 2101+ "xmlSaveFormatFile", 2102+ XMLSEC_ERRORS_R_XML_FAILED, 2103+ "filename=%s", 2104+ xmlSecErrorsSafeString(filename)); 2105+ xmlFreeDoc(doc); 2106+ return(-1); 2107 } 2108 2109- return (retval); 2110+ xmlFreeDoc(doc); 2111+ return(0); 2112 } 2113--- misc/xmlsec1-1.2.14/src/nss/keywrapers.c 2009-09-21 14:07:19.223802688 +0200 2114+++ misc/build/xmlsec1-1.2.14/src/nss/keywrapers.c 2009-09-21 14:02:48.548869372 +0200 2115@@ -1 +1,1213 @@ 2116-dummy 2117+/** 2118+ * 2119+ * XMLSec library 2120+ * 2121+ * AES Algorithm support 2122+ * 2123+ * This is free software; see Copyright file in the source 2124+ * distribution for preciese wording. 2125+ * 2126+ * Copyright ................................. 2127+ */ 2128+#include "globals.h" 2129+ 2130+#include <stdlib.h> 2131+#include <stdio.h> 2132+#include <string.h> 2133+ 2134+#include <nss.h> 2135+#include <pk11func.h> 2136+#include <hasht.h> 2137+ 2138+#include <xmlsec/xmlsec.h> 2139+#include <xmlsec/xmltree.h> 2140+#include <xmlsec/keys.h> 2141+#include <xmlsec/transforms.h> 2142+#include <xmlsec/errors.h> 2143+ 2144+#include <xmlsec/nss/crypto.h> 2145+#include <xmlsec/nss/ciphers.h> 2146+ 2147+#define XMLSEC_NSS_AES128_KEY_SIZE 16 2148+#define XMLSEC_NSS_AES192_KEY_SIZE 24 2149+#define XMLSEC_NSS_AES256_KEY_SIZE 32 2150+#define XMLSEC_NSS_DES3_KEY_SIZE 24 2151+#define XMLSEC_NSS_DES3_KEY_LENGTH 24 2152+#define XMLSEC_NSS_DES3_IV_LENGTH 8 2153+#define XMLSEC_NSS_DES3_BLOCK_LENGTH 8 2154+ 2155+static xmlSecByte xmlSecNssKWDes3Iv[XMLSEC_NSS_DES3_IV_LENGTH] = { 2156+ 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05 2157+}; 2158+ 2159+/********************************************************************* 2160+ * 2161+ * key wrap transforms 2162+ * 2163+ ********************************************************************/ 2164+typedef struct _xmlSecNssKeyWrapCtx xmlSecNssKeyWrapCtx ; 2165+typedef struct _xmlSecNssKeyWrapCtx* xmlSecNssKeyWrapCtxPtr ; 2166+ 2167+#define xmlSecNssKeyWrapSize \ 2168+ ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyWrapCtx ) ) 2169+ 2170+#define xmlSecNssKeyWrapGetCtx( transform ) \ 2171+ ( ( xmlSecNssKeyWrapCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) ) 2172+ 2173+struct _xmlSecNssKeyWrapCtx { 2174+ CK_MECHANISM_TYPE cipher ; 2175+ PK11SymKey* symkey ; 2176+ xmlSecKeyDataId keyId ; 2177+ xmlSecBufferPtr material ; /* to be encrypted/decrypted key material */ 2178+} ; 2179+ 2180+static int xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform); 2181+static void xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform); 2182+static int xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform, 2183+ xmlSecKeyReqPtr keyReq); 2184+static int xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform, 2185+ xmlSecKeyPtr key); 2186+static int xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform, 2187+ int last, 2188+ xmlSecTransformCtxPtr transformCtx); 2189+static xmlSecSize xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform); 2190+ 2191+static int 2192+xmlSecNssKeyWrapCheckId( 2193+ xmlSecTransformPtr transform 2194+) { 2195+ #ifndef XMLSEC_NO_DES 2196+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) { 2197+ return(1); 2198+ } 2199+ #endif /* XMLSEC_NO_DES */ 2200+ 2201+ #ifndef XMLSEC_NO_AES 2202+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes128Id ) || 2203+ xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes192Id ) || 2204+ xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes256Id ) ) { 2205+ 2206+ return(1); 2207+ } 2208+ #endif /* XMLSEC_NO_AES */ 2209+ 2210+ return(0); 2211+} 2212+ 2213+static xmlSecSize 2214+xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform) { 2215+#ifndef XMLSEC_NO_DES 2216+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) { 2217+ return(XMLSEC_NSS_DES3_KEY_SIZE); 2218+ } else 2219+#endif /* XMLSEC_NO_DES */ 2220+ 2221+#ifndef XMLSEC_NO_AES 2222+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes128Id)) { 2223+ return(XMLSEC_NSS_AES128_KEY_SIZE); 2224+ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes192Id)) { 2225+ return(XMLSEC_NSS_AES192_KEY_SIZE); 2226+ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) { 2227+ return(XMLSEC_NSS_AES256_KEY_SIZE); 2228+ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) { 2229+ return(XMLSEC_NSS_AES256_KEY_SIZE); 2230+ } else 2231+#endif /* XMLSEC_NO_AES */ 2232+ 2233+ if(1) 2234+ return(0); 2235+} 2236+ 2237+ 2238+static int 2239+xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform) { 2240+ xmlSecNssKeyWrapCtxPtr context ; 2241+ int ret; 2242+ 2243+ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1); 2244+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1); 2245+ 2246+ context = xmlSecNssKeyWrapGetCtx( transform ) ; 2247+ xmlSecAssert2( context != NULL , -1 ) ; 2248+ 2249+ #ifndef XMLSEC_NO_DES 2250+ if( transform->id == xmlSecNssTransformKWDes3Id ) { 2251+ context->cipher = CKM_DES3_CBC ; 2252+ context->keyId = xmlSecNssKeyDataDesId ; 2253+ } else 2254+ #endif /* XMLSEC_NO_DES */ 2255+ 2256+ #ifndef XMLSEC_NO_AES 2257+ if( transform->id == xmlSecNssTransformKWAes128Id ) { 2258+ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/ 2259+ context->cipher = CKM_AES_CBC ; 2260+ context->keyId = xmlSecNssKeyDataAesId ; 2261+ } else 2262+ if( transform->id == xmlSecNssTransformKWAes192Id ) { 2263+ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/ 2264+ context->cipher = CKM_AES_CBC ; 2265+ context->keyId = xmlSecNssKeyDataAesId ; 2266+ } else 2267+ if( transform->id == xmlSecNssTransformKWAes256Id ) { 2268+ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/ 2269+ context->cipher = CKM_AES_CBC ; 2270+ context->keyId = xmlSecNssKeyDataAesId ; 2271+ } else 2272+ #endif /* XMLSEC_NO_AES */ 2273+ 2274+ 2275+ if( 1 ) { 2276+ xmlSecError( XMLSEC_ERRORS_HERE , 2277+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), 2278+ NULL , 2279+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 2280+ XMLSEC_ERRORS_NO_MESSAGE ) ; 2281+ return(-1); 2282+ } 2283+ 2284+ context->symkey = NULL ; 2285+ context->material = NULL ; 2286+ 2287+ return(0); 2288+} 2289+ 2290+static void 2291+xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform) { 2292+ xmlSecNssKeyWrapCtxPtr context ; 2293+ 2294+ xmlSecAssert(xmlSecNssKeyWrapCheckId(transform)); 2295+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize)); 2296+ 2297+ context = xmlSecNssKeyWrapGetCtx( transform ) ; 2298+ xmlSecAssert( context != NULL ) ; 2299+ 2300+ if( context->symkey != NULL ) { 2301+ PK11_FreeSymKey( context->symkey ) ; 2302+ context->symkey = NULL ; 2303+ } 2304+ 2305+ if( context->material != NULL ) { 2306+ xmlSecBufferDestroy(context->material); 2307+ context->material = NULL ; 2308+ } 2309+} 2310+ 2311+static int 2312+xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) { 2313+ xmlSecNssKeyWrapCtxPtr context ; 2314+ xmlSecSize cipherSize = 0 ; 2315+ 2316+ 2317+ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1); 2318+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1); 2319+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); 2320+ xmlSecAssert2(keyReq != NULL, -1); 2321+ 2322+ context = xmlSecNssKeyWrapGetCtx( transform ) ; 2323+ xmlSecAssert2( context != NULL , -1 ) ; 2324+ 2325+ keyReq->keyId = context->keyId; 2326+ keyReq->keyType = xmlSecKeyDataTypeSymmetric; 2327+ if(transform->operation == xmlSecTransformOperationEncrypt) { 2328+ keyReq->keyUsage = xmlSecKeyUsageEncrypt; 2329+ } else { 2330+ keyReq->keyUsage = xmlSecKeyUsageDecrypt; 2331+ } 2332+ 2333+ keyReq->keyBitsSize = xmlSecNssKeyWrapGetKeySize( transform ) ; 2334+ 2335+ return(0); 2336+} 2337+ 2338+static int 2339+xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { 2340+ xmlSecNssKeyWrapCtxPtr context = NULL ; 2341+ xmlSecKeyDataPtr keyData = NULL ; 2342+ PK11SymKey* symkey = NULL ; 2343+ 2344+ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1); 2345+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1); 2346+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); 2347+ xmlSecAssert2(key != NULL, -1); 2348+ 2349+ context = xmlSecNssKeyWrapGetCtx( transform ) ; 2350+ if( context == NULL || context->keyId == NULL || context->symkey != NULL ) { 2351+ xmlSecError( XMLSEC_ERRORS_HERE , 2352+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , 2353+ "xmlSecNssKeyWrapGetCtx" , 2354+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 2355+ XMLSEC_ERRORS_NO_MESSAGE ) ; 2356+ return(-1); 2357+ } 2358+ xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ; 2359+ 2360+ keyData = xmlSecKeyGetValue( key ) ; 2361+ if( keyData == NULL ) { 2362+ xmlSecError( XMLSEC_ERRORS_HERE , 2363+ xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) , 2364+ "xmlSecKeyGetValue" , 2365+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 2366+ XMLSEC_ERRORS_NO_MESSAGE ) ; 2367+ return(-1); 2368+ } 2369+ 2370+ if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) { 2371+ xmlSecError( XMLSEC_ERRORS_HERE , 2372+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) , 2373+ "xmlSecNssSymKeyDataGetKey" , 2374+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 2375+ XMLSEC_ERRORS_NO_MESSAGE ) ; 2376+ return(-1); 2377+ } 2378+ 2379+ context->symkey = symkey ; 2380+ 2381+ return(0) ; 2382+} 2383+ 2384+/** 2385+ * key wrap transform 2386+ */ 2387+static int 2388+xmlSecNssKeyWrapCtxInit( 2389+ xmlSecNssKeyWrapCtxPtr ctx , 2390+ xmlSecBufferPtr in , 2391+ xmlSecBufferPtr out , 2392+ int encrypt , 2393+ xmlSecTransformCtxPtr transformCtx 2394+) { 2395+ xmlSecSize blockSize ; 2396+ 2397+ xmlSecAssert2( ctx != NULL , -1 ) ; 2398+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; 2399+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; 2400+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; 2401+ xmlSecAssert2( in != NULL , -1 ) ; 2402+ xmlSecAssert2( out != NULL , -1 ) ; 2403+ xmlSecAssert2( transformCtx != NULL , -1 ) ; 2404+ 2405+ if( ctx->material != NULL ) { 2406+ xmlSecBufferDestroy( ctx->material ) ; 2407+ ctx->material = NULL ; 2408+ } 2409+ 2410+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { 2411+ xmlSecError( XMLSEC_ERRORS_HERE , 2412+ NULL , 2413+ "PK11_GetBlockSize" , 2414+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 2415+ XMLSEC_ERRORS_NO_MESSAGE ) ; 2416+ return(-1); 2417+ } 2418+ 2419+ ctx->material = xmlSecBufferCreate( blockSize ) ; 2420+ if( ctx->material == NULL ) { 2421+ xmlSecError( XMLSEC_ERRORS_HERE , 2422+ NULL , 2423+ "xmlSecBufferCreate" , 2424+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 2425+ XMLSEC_ERRORS_NO_MESSAGE ) ; 2426+ return(-1); 2427+ } 2428+ 2429+ /* read raw key material into context */ 2430+ if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { 2431+ xmlSecError( XMLSEC_ERRORS_HERE , 2432+ NULL , 2433+ "xmlSecBufferSetData" , 2434+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 2435+ XMLSEC_ERRORS_NO_MESSAGE ) ; 2436+ return(-1); 2437+ } 2438+ 2439+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { 2440+ xmlSecError( XMLSEC_ERRORS_HERE , 2441+ NULL , 2442+ "xmlSecBufferRemoveHead" , 2443+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 2444+ XMLSEC_ERRORS_NO_MESSAGE ) ; 2445+ return(-1); 2446+ } 2447+ 2448+ return(0); 2449+} 2450+ 2451+/** 2452+ * key wrap transform update 2453+ */ 2454+static int 2455+xmlSecNssKeyWrapCtxUpdate( 2456+ xmlSecNssKeyWrapCtxPtr ctx , 2457+ xmlSecBufferPtr in , 2458+ xmlSecBufferPtr out , 2459+ int encrypt , 2460+ xmlSecTransformCtxPtr transformCtx 2461+) { 2462+ xmlSecAssert2( ctx != NULL , -1 ) ; 2463+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; 2464+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; 2465+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; 2466+ xmlSecAssert2( ctx->material != NULL , -1 ) ; 2467+ xmlSecAssert2( in != NULL , -1 ) ; 2468+ xmlSecAssert2( out != NULL , -1 ) ; 2469+ xmlSecAssert2( transformCtx != NULL , -1 ) ; 2470+ 2471+ /* read raw key material and append into context */ 2472+ if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { 2473+ xmlSecError( XMLSEC_ERRORS_HERE , 2474+ NULL , 2475+ "xmlSecBufferAppend" , 2476+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 2477+ XMLSEC_ERRORS_NO_MESSAGE ) ; 2478+ return(-1); 2479+ } 2480+ 2481+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { 2482+ xmlSecError( XMLSEC_ERRORS_HERE , 2483+ NULL , 2484+ "xmlSecBufferRemoveHead" , 2485+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 2486+ XMLSEC_ERRORS_NO_MESSAGE ) ; 2487+ return(-1); 2488+ } 2489+ 2490+ return(0); 2491+} 2492+ 2493+static int 2494+xmlSecNssKWDes3BufferReverse(xmlSecByte *buf, xmlSecSize size) { 2495+ xmlSecSize s; 2496+ xmlSecSize i; 2497+ xmlSecByte c; 2498+ 2499+ xmlSecAssert2(buf != NULL, -1); 2500+ 2501+ s = size / 2; 2502+ --size; 2503+ for(i = 0; i < s; ++i) { 2504+ c = buf[i]; 2505+ buf[i] = buf[size - i]; 2506+ buf[size - i] = c; 2507+ } 2508+ return(0); 2509+} 2510+ 2511+static xmlSecByte * 2512+xmlSecNssComputeSHA1(const xmlSecByte *in, xmlSecSize inSize, 2513+ xmlSecByte *out, xmlSecSize outSize) 2514+{ 2515+ PK11Context *context = NULL; 2516+ SECStatus s; 2517+ xmlSecByte *digest = NULL; 2518+ unsigned int len; 2519+ 2520+ xmlSecAssert2(in != NULL, NULL); 2521+ xmlSecAssert2(out != NULL, NULL); 2522+ xmlSecAssert2(outSize >= SHA1_LENGTH, NULL); 2523+ 2524+ /* Create a context for hashing (digesting) */ 2525+ context = PK11_CreateDigestContext(SEC_OID_SHA1); 2526+ if (context == NULL) { 2527+ xmlSecError(XMLSEC_ERRORS_HERE, 2528+ NULL, 2529+ "PK11_CreateDigestContext", 2530+ XMLSEC_ERRORS_R_CRYPTO_FAILED, 2531+ "error code = %d", PORT_GetError()); 2532+ goto done; 2533+ } 2534+ 2535+ s = PK11_DigestBegin(context); 2536+ if (s != SECSuccess) { 2537+ xmlSecError(XMLSEC_ERRORS_HERE, 2538+ NULL, 2539+ "PK11_DigestBegin", 2540+ XMLSEC_ERRORS_R_CRYPTO_FAILED, 2541+ "error code = %d", PORT_GetError()); 2542+ goto done; 2543+ } 2544+ 2545+ s = PK11_DigestOp(context, in, inSize); 2546+ if (s != SECSuccess) { 2547+ xmlSecError(XMLSEC_ERRORS_HERE, 2548+ NULL, 2549+ "PK11_DigestOp", 2550+ XMLSEC_ERRORS_R_CRYPTO_FAILED, 2551+ "error code = %d", PORT_GetError()); 2552+ goto done; 2553+ } 2554+ 2555+ s = PK11_DigestFinal(context, out, &len, outSize); 2556+ if (s != SECSuccess) { 2557+ xmlSecError(XMLSEC_ERRORS_HERE, 2558+ NULL, 2559+ "PK11_DigestFinal", 2560+ XMLSEC_ERRORS_R_CRYPTO_FAILED, 2561+ "error code = %d", PORT_GetError()); 2562+ goto done; 2563+ } 2564+ xmlSecAssert2(len == SHA1_LENGTH, NULL); 2565+ 2566+ digest = out; 2567+ 2568+done: 2569+ if (context != NULL) { 2570+ PK11_DestroyContext(context, PR_TRUE); 2571+ } 2572+ return (digest); 2573+} 2574+ 2575+static int 2576+xmlSecNssKWDes3Encrypt( 2577+ PK11SymKey* symKey , 2578+ CK_MECHANISM_TYPE cipherMech , 2579+ const xmlSecByte* iv , 2580+ xmlSecSize ivSize , 2581+ const xmlSecByte* in , 2582+ xmlSecSize inSize , 2583+ xmlSecByte* out , 2584+ xmlSecSize outSize , 2585+ int enc 2586+) { 2587+ PK11Context* EncContext = NULL; 2588+ SECItem ivItem ; 2589+ SECItem* secParam = NULL ; 2590+ int tmp1_outlen; 2591+ unsigned int tmp2_outlen; 2592+ int result_len = -1; 2593+ SECStatus rv; 2594+ 2595+ xmlSecAssert2( cipherMech != CKM_INVALID_MECHANISM , -1 ) ; 2596+ xmlSecAssert2( symKey != NULL , -1 ) ; 2597+ xmlSecAssert2(iv != NULL, -1); 2598+ xmlSecAssert2(ivSize == XMLSEC_NSS_DES3_IV_LENGTH, -1); 2599+ xmlSecAssert2(in != NULL, -1); 2600+ xmlSecAssert2(inSize > 0, -1); 2601+ xmlSecAssert2(out != NULL, -1); 2602+ xmlSecAssert2(outSize >= inSize, -1); 2603+ 2604+ /* Prepare IV */ 2605+ ivItem.data = ( unsigned char* )iv ; 2606+ ivItem.len = ivSize ; 2607+ 2608+ secParam = PK11_ParamFromIV(cipherMech, &ivItem); 2609+ if (secParam == NULL) { 2610+ xmlSecError(XMLSEC_ERRORS_HERE, 2611+ NULL, 2612+ "PK11_ParamFromIV", 2613+ XMLSEC_ERRORS_R_CRYPTO_FAILED, 2614+ "Error code = %d", PORT_GetError()); 2615+ goto done; 2616+ } 2617+ 2618+ EncContext = PK11_CreateContextBySymKey(cipherMech, 2619+ enc ? CKA_ENCRYPT : CKA_DECRYPT, 2620+ symKey, secParam); 2621+ if (EncContext == NULL) { 2622+ xmlSecError(XMLSEC_ERRORS_HERE, 2623+ NULL, 2624+ "PK11_CreateContextBySymKey", 2625+ XMLSEC_ERRORS_R_CRYPTO_FAILED, 2626+ "Error code = %d", PORT_GetError()); 2627+ goto done; 2628+ } 2629+ 2630+ tmp1_outlen = tmp2_outlen = 0; 2631+ rv = PK11_CipherOp(EncContext, out, &tmp1_outlen, outSize, 2632+ (unsigned char *)in, inSize); 2633+ if (rv != SECSuccess) { 2634+ xmlSecError(XMLSEC_ERRORS_HERE, 2635+ NULL, 2636+ "PK11_CipherOp", 2637+ XMLSEC_ERRORS_R_CRYPTO_FAILED, 2638+ "Error code = %d", PORT_GetError()); 2639+ goto done; 2640+ } 2641+ 2642+ rv = PK11_DigestFinal(EncContext, out+tmp1_outlen, 2643+ &tmp2_outlen, outSize-tmp1_outlen); 2644+ if (rv != SECSuccess) { 2645+ xmlSecError(XMLSEC_ERRORS_HERE, 2646+ NULL, 2647+ "PK11_DigestFinal", 2648+ XMLSEC_ERRORS_R_CRYPTO_FAILED, 2649+ "Error code = %d", PORT_GetError()); 2650+ goto done; 2651+ } 2652+ 2653+ result_len = tmp1_outlen + tmp2_outlen; 2654+ 2655+done: 2656+ if (secParam) { 2657+ SECITEM_FreeItem(secParam, PR_TRUE); 2658+ } 2659+ if (EncContext) { 2660+ PK11_DestroyContext(EncContext, PR_TRUE); 2661+ } 2662+ 2663+ return(result_len); 2664+} 2665+ 2666+static int 2667+xmlSecNssKeyWrapDesOp( 2668+ xmlSecNssKeyWrapCtxPtr ctx , 2669+ int encrypt , 2670+ xmlSecBufferPtr result 2671+) { 2672+ xmlSecByte sha1[SHA1_LENGTH]; 2673+ xmlSecByte iv[XMLSEC_NSS_DES3_IV_LENGTH]; 2674+ xmlSecByte* in; 2675+ xmlSecSize inSize; 2676+ xmlSecByte* out; 2677+ xmlSecSize outSize; 2678+ xmlSecSize s; 2679+ int ret; 2680+ SECStatus status; 2681+ 2682+ xmlSecAssert2( ctx != NULL , -1 ) ; 2683+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; 2684+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; 2685+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; 2686+ xmlSecAssert2( ctx->material != NULL , -1 ) ; 2687+ xmlSecAssert2( result != NULL , -1 ) ; 2688+ 2689+ in = xmlSecBufferGetData(ctx->material); 2690+ inSize = xmlSecBufferGetSize(ctx->material) ; 2691+ out = xmlSecBufferGetData(result); 2692+ outSize = xmlSecBufferGetMaxSize(result) ; 2693+ if( encrypt ) { 2694+ /* step 2: calculate sha1 and CMS */ 2695+ if(xmlSecNssComputeSHA1(in, inSize, sha1, SHA1_LENGTH) == NULL) { 2696+ xmlSecError(XMLSEC_ERRORS_HERE, 2697+ NULL, 2698+ "xmlSecNssComputeSHA1", 2699+ XMLSEC_ERRORS_R_CRYPTO_FAILED, 2700+ XMLSEC_ERRORS_NO_MESSAGE); 2701+ return(-1); 2702+ } 2703+ 2704+ /* step 3: construct WKCKS */ 2705+ memcpy(out, in, inSize); 2706+ memcpy(out + inSize, sha1, XMLSEC_NSS_DES3_BLOCK_LENGTH); 2707+ 2708+ /* step 4: generate random iv */ 2709+ status = PK11_GenerateRandom(iv, XMLSEC_NSS_DES3_IV_LENGTH); 2710+ if(status != SECSuccess) { 2711+ xmlSecError(XMLSEC_ERRORS_HERE, 2712+ NULL, 2713+ "PK11_GenerateRandom", 2714+ XMLSEC_ERRORS_R_CRYPTO_FAILED, 2715+ "error code = %d", PORT_GetError()); 2716+ return(-1); 2717+ } 2718+ 2719+ /* step 5: first encryption, result is TEMP1 */ 2720+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, 2721+ iv, XMLSEC_NSS_DES3_IV_LENGTH, 2722+ out, inSize + XMLSEC_NSS_DES3_IV_LENGTH, 2723+ out, outSize, 1); 2724+ if(ret < 0) { 2725+ xmlSecError(XMLSEC_ERRORS_HERE, 2726+ NULL, 2727+ "xmlSecNssKWDes3Encrypt", 2728+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 2729+ XMLSEC_ERRORS_NO_MESSAGE); 2730+ return(-1); 2731+ } 2732+ 2733+ /* step 6: construct TEMP2=IV || TEMP1 */ 2734+ memmove(out + XMLSEC_NSS_DES3_IV_LENGTH, out, 2735+ inSize + XMLSEC_NSS_DES3_IV_LENGTH); 2736+ memcpy(out, iv, XMLSEC_NSS_DES3_IV_LENGTH); 2737+ s = ret + XMLSEC_NSS_DES3_IV_LENGTH; 2738+ 2739+ /* step 7: reverse octets order, result is TEMP3 */ 2740+ ret = xmlSecNssKWDes3BufferReverse(out, s); 2741+ if(ret < 0) { 2742+ xmlSecError(XMLSEC_ERRORS_HERE, 2743+ NULL, 2744+ "xmlSecNssKWDes3BufferReverse", 2745+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 2746+ XMLSEC_ERRORS_NO_MESSAGE); 2747+ return(-1); 2748+ } 2749+ 2750+ /* step 8: second encryption with static IV */ 2751+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, 2752+ xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH, 2753+ out, s, 2754+ out, outSize, 1); 2755+ if(ret < 0) { 2756+ xmlSecError(XMLSEC_ERRORS_HERE, 2757+ NULL, 2758+ "xmlSecNssKWDes3Encrypt", 2759+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 2760+ XMLSEC_ERRORS_NO_MESSAGE); 2761+ return(-1); 2762+ } 2763+ s = ret; 2764+ 2765+ if( xmlSecBufferSetSize( result , s ) < 0 ) { 2766+ xmlSecError(XMLSEC_ERRORS_HERE, 2767+ NULL, 2768+ "xmlSecBufferSetSize", 2769+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 2770+ XMLSEC_ERRORS_NO_MESSAGE); 2771+ return(-1); 2772+ } 2773+ } else { 2774+ /* step 2: first decryption with static IV, result is TEMP3 */ 2775+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, 2776+ xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH, 2777+ in, inSize, 2778+ out, outSize, 0); 2779+ if((ret < 0) || (ret < XMLSEC_NSS_DES3_IV_LENGTH)) { 2780+ xmlSecError(XMLSEC_ERRORS_HERE, 2781+ NULL, 2782+ "xmlSecNssKWDes3Encrypt", 2783+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 2784+ XMLSEC_ERRORS_NO_MESSAGE); 2785+ return(-1); 2786+ } 2787+ s = ret; 2788+ 2789+ /* step 3: reverse octets order in TEMP3, result is TEMP2 */ 2790+ ret = xmlSecNssKWDes3BufferReverse(out, s); 2791+ if(ret < 0) { 2792+ xmlSecError(XMLSEC_ERRORS_HERE, 2793+ NULL, 2794+ "xmlSecNssKWDes3BufferReverse", 2795+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 2796+ XMLSEC_ERRORS_NO_MESSAGE); 2797+ return(-1); 2798+ } 2799+ 2800+ /* steps 4 and 5: get IV and decrypt second time, result is WKCKS */ 2801+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, 2802+ out, XMLSEC_NSS_DES3_IV_LENGTH, 2803+ out+XMLSEC_NSS_DES3_IV_LENGTH, s-XMLSEC_NSS_DES3_IV_LENGTH, 2804+ out, outSize, 0); 2805+ if((ret < 0) || (ret < XMLSEC_NSS_DES3_BLOCK_LENGTH)) { 2806+ xmlSecError(XMLSEC_ERRORS_HERE, 2807+ NULL, 2808+ "xmlSecNssKWDes3Encrypt", 2809+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 2810+ XMLSEC_ERRORS_NO_MESSAGE); 2811+ return(-1); 2812+ } 2813+ s = ret - XMLSEC_NSS_DES3_IV_LENGTH; 2814+ 2815+ /* steps 6 and 7: calculate SHA1 and validate it */ 2816+ if(xmlSecNssComputeSHA1(out, s, sha1, SHA1_LENGTH) == NULL) { 2817+ xmlSecError(XMLSEC_ERRORS_HERE, 2818+ NULL, 2819+ "xmlSecNssComputeSHA1", 2820+ XMLSEC_ERRORS_R_CRYPTO_FAILED, 2821+ XMLSEC_ERRORS_NO_MESSAGE); 2822+ return(-1); 2823+ } 2824+ 2825+ if(memcmp(sha1, out + s, XMLSEC_NSS_DES3_BLOCK_LENGTH) != 0) { 2826+ xmlSecError(XMLSEC_ERRORS_HERE, 2827+ NULL, 2828+ NULL, 2829+ XMLSEC_ERRORS_R_INVALID_DATA, 2830+ "SHA1 does not match"); 2831+ return(-1); 2832+ } 2833+ 2834+ if( xmlSecBufferSetSize( result , s ) < 0 ) { 2835+ xmlSecError(XMLSEC_ERRORS_HERE, 2836+ NULL, 2837+ "xmlSecBufferSetSize", 2838+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 2839+ XMLSEC_ERRORS_NO_MESSAGE); 2840+ return(-1); 2841+ } 2842+ } 2843+ 2844+ return(0); 2845+} 2846+ 2847+static int 2848+xmlSecNssKeyWrapAesOp( 2849+ xmlSecNssKeyWrapCtxPtr ctx , 2850+ int encrypt , 2851+ xmlSecBufferPtr result 2852+) { 2853+ PK11Context* cipherCtx = NULL; 2854+ SECItem ivItem ; 2855+ SECItem* secParam = NULL ; 2856+ xmlSecSize inSize ; 2857+ xmlSecSize inBlocks ; 2858+ int blockSize ; 2859+ int midSize ; 2860+ int finSize ; 2861+ xmlSecByte* out ; 2862+ xmlSecSize outSize; 2863+ 2864+ xmlSecAssert2( ctx != NULL , -1 ) ; 2865+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; 2866+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; 2867+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; 2868+ xmlSecAssert2( ctx->material != NULL , -1 ) ; 2869+ xmlSecAssert2( result != NULL , -1 ) ; 2870+ 2871+ /* Do not set any IV */ 2872+ memset(&ivItem, 0, sizeof(ivItem)); 2873+ 2874+ /* Get block size */ 2875+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { 2876+ xmlSecError( XMLSEC_ERRORS_HERE , 2877+ NULL , 2878+ "PK11_GetBlockSize" , 2879+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 2880+ XMLSEC_ERRORS_NO_MESSAGE ) ; 2881+ return(-1); 2882+ } 2883+ 2884+ inSize = xmlSecBufferGetSize( ctx->material ) ; 2885+ if( xmlSecBufferSetMaxSize( result , inSize + blockSize ) < 0 ) { 2886+ xmlSecError( XMLSEC_ERRORS_HERE , 2887+ NULL , 2888+ "xmlSecBufferSetMaxSize" , 2889+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 2890+ XMLSEC_ERRORS_NO_MESSAGE ) ; 2891+ return(-1); 2892+ } 2893+ 2894+ /* Get Param for context initialization */ 2895+ if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) { 2896+ xmlSecError( XMLSEC_ERRORS_HERE , 2897+ NULL , 2898+ "PK11_ParamFromIV" , 2899+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 2900+ XMLSEC_ERRORS_NO_MESSAGE ) ; 2901+ return(-1); 2902+ } 2903+ 2904+ cipherCtx = PK11_CreateContextBySymKey( ctx->cipher , encrypt ? CKA_ENCRYPT : CKA_DECRYPT , ctx->symkey , secParam ) ; 2905+ if( cipherCtx == NULL ) { 2906+ xmlSecError( XMLSEC_ERRORS_HERE , 2907+ NULL , 2908+ "PK11_CreateContextBySymKey" , 2909+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 2910+ XMLSEC_ERRORS_NO_MESSAGE ) ; 2911+ SECITEM_FreeItem( secParam , PR_TRUE ) ; 2912+ return(-1); 2913+ } 2914+ 2915+ out = xmlSecBufferGetData(result) ; 2916+ outSize = xmlSecBufferGetMaxSize(result) ; 2917+ if( PK11_CipherOp( cipherCtx , out, &midSize , outSize , xmlSecBufferGetData( ctx->material ) , inSize ) != SECSuccess ) { 2918+ xmlSecError( XMLSEC_ERRORS_HERE , 2919+ NULL , 2920+ "PK11_CipherOp" , 2921+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 2922+ XMLSEC_ERRORS_NO_MESSAGE ) ; 2923+ return(-1); 2924+ } 2925+ 2926+ if( PK11_DigestFinal( cipherCtx , out + midSize , &finSize , outSize - midSize ) != SECSuccess ) { 2927+ xmlSecError( XMLSEC_ERRORS_HERE , 2928+ NULL , 2929+ "PK11_DigestFinal" , 2930+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 2931+ XMLSEC_ERRORS_NO_MESSAGE ) ; 2932+ return(-1); 2933+ } 2934+ 2935+ if( xmlSecBufferSetSize( result , midSize + finSize ) < 0 ) { 2936+ xmlSecError( XMLSEC_ERRORS_HERE , 2937+ NULL , 2938+ "xmlSecBufferSetSize" , 2939+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 2940+ XMLSEC_ERRORS_NO_MESSAGE ) ; 2941+ return(-1); 2942+ } 2943+ 2944+ return 0 ; 2945+} 2946+ 2947+/** 2948+ * Block cipher transform final 2949+ */ 2950+static int 2951+xmlSecNssKeyWrapCtxFinal( 2952+ xmlSecNssKeyWrapCtxPtr ctx , 2953+ xmlSecBufferPtr in , 2954+ xmlSecBufferPtr out , 2955+ int encrypt , 2956+ xmlSecTransformCtxPtr transformCtx 2957+) { 2958+ PK11SymKey* targetKey ; 2959+ xmlSecSize blockSize ; 2960+ xmlSecBufferPtr result ; 2961+ 2962+ xmlSecAssert2( ctx != NULL , -1 ) ; 2963+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; 2964+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; 2965+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; 2966+ xmlSecAssert2( ctx->material != NULL , -1 ) ; 2967+ xmlSecAssert2( in != NULL , -1 ) ; 2968+ xmlSecAssert2( out != NULL , -1 ) ; 2969+ xmlSecAssert2( transformCtx != NULL , -1 ) ; 2970+ 2971+ /* read raw key material and append into context */ 2972+ if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { 2973+ xmlSecError( XMLSEC_ERRORS_HERE , 2974+ NULL , 2975+ "xmlSecBufferAppend" , 2976+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 2977+ XMLSEC_ERRORS_NO_MESSAGE ) ; 2978+ return(-1); 2979+ } 2980+ 2981+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { 2982+ xmlSecError( XMLSEC_ERRORS_HERE , 2983+ NULL , 2984+ "xmlSecBufferRemoveHead" , 2985+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 2986+ XMLSEC_ERRORS_NO_MESSAGE ) ; 2987+ return(-1); 2988+ } 2989+ 2990+ /* Now we get all of the key materail */ 2991+ /* from now on we will wrap or unwrap the key */ 2992+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { 2993+ xmlSecError( XMLSEC_ERRORS_HERE , 2994+ NULL , 2995+ "PK11_GetBlockSize" , 2996+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 2997+ XMLSEC_ERRORS_NO_MESSAGE ) ; 2998+ return(-1); 2999+ } 3000+ 3001+ result = xmlSecBufferCreate( blockSize ) ; 3002+ if( result == NULL ) { 3003+ xmlSecError( XMLSEC_ERRORS_HERE , 3004+ NULL , 3005+ "xmlSecBufferCreate" , 3006+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 3007+ XMLSEC_ERRORS_NO_MESSAGE ) ; 3008+ return(-1); 3009+ } 3010+ 3011+ switch( ctx->cipher ) { 3012+ case CKM_DES3_CBC : 3013+ if( xmlSecNssKeyWrapDesOp(ctx, encrypt, result) < 0 ) { 3014+ xmlSecError( XMLSEC_ERRORS_HERE , 3015+ NULL , 3016+ "xmlSecNssKeyWrapDesOp" , 3017+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 3018+ XMLSEC_ERRORS_NO_MESSAGE ) ; 3019+ xmlSecBufferDestroy(result); 3020+ return(-1); 3021+ } 3022+ break ; 3023+ /* case CKM_NETSCAPE_AES_KEY_WRAP :*/ 3024+ case CKM_AES_CBC : 3025+ if( xmlSecNssKeyWrapAesOp(ctx, encrypt, result) < 0 ) { 3026+ xmlSecError( XMLSEC_ERRORS_HERE , 3027+ NULL , 3028+ "xmlSecNssKeyWrapAesOp" , 3029+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 3030+ XMLSEC_ERRORS_NO_MESSAGE ) ; 3031+ xmlSecBufferDestroy(result); 3032+ return(-1); 3033+ } 3034+ break ; 3035+ } 3036+ 3037+ /* Write output */ 3038+ if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) { 3039+ xmlSecError( XMLSEC_ERRORS_HERE , 3040+ NULL , 3041+ "xmlSecBufferAppend" , 3042+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 3043+ XMLSEC_ERRORS_NO_MESSAGE ) ; 3044+ xmlSecBufferDestroy(result); 3045+ return(-1); 3046+ } 3047+ xmlSecBufferDestroy(result); 3048+ 3049+ return(0); 3050+} 3051+ 3052+static int 3053+xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { 3054+ xmlSecNssKeyWrapCtxPtr context = NULL ; 3055+ xmlSecBufferPtr inBuf, outBuf ; 3056+ int operation ; 3057+ int rtv ; 3058+ 3059+ xmlSecAssert2( xmlSecNssKeyWrapCheckId( transform ), -1 ) ; 3060+ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyWrapSize ), -1 ) ; 3061+ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; 3062+ xmlSecAssert2( transformCtx != NULL , -1 ) ; 3063+ 3064+ context = xmlSecNssKeyWrapGetCtx( transform ) ; 3065+ if( context == NULL ) { 3066+ xmlSecError( XMLSEC_ERRORS_HERE , 3067+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , 3068+ "xmlSecNssKeyWrapGetCtx" , 3069+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 3070+ XMLSEC_ERRORS_NO_MESSAGE ) ; 3071+ return(-1); 3072+ } 3073+ 3074+ inBuf = &( transform->inBuf ) ; 3075+ outBuf = &( transform->outBuf ) ; 3076+ 3077+ if( transform->status == xmlSecTransformStatusNone ) { 3078+ transform->status = xmlSecTransformStatusWorking ; 3079+ } 3080+ 3081+ operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ; 3082+ if( transform->status == xmlSecTransformStatusWorking ) { 3083+ if( context->material == NULL ) { 3084+ rtv = xmlSecNssKeyWrapCtxInit( context, inBuf , outBuf , operation , transformCtx ) ; 3085+ if( rtv < 0 ) { 3086+ xmlSecError( XMLSEC_ERRORS_HERE , 3087+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , 3088+ "xmlSecNssKeyWrapCtxInit" , 3089+ XMLSEC_ERRORS_R_INVALID_STATUS , 3090+ XMLSEC_ERRORS_NO_MESSAGE ) ; 3091+ return(-1); 3092+ } 3093+ } 3094+ 3095+ if( context->material == NULL && last != 0 ) { 3096+ xmlSecError( XMLSEC_ERRORS_HERE , 3097+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , 3098+ NULL , 3099+ XMLSEC_ERRORS_R_INVALID_STATUS , 3100+ "No enough data to initialize transform" ) ; 3101+ return(-1); 3102+ } 3103+ 3104+ if( context->material != NULL ) { 3105+ rtv = xmlSecNssKeyWrapCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ; 3106+ if( rtv < 0 ) { 3107+ xmlSecError( XMLSEC_ERRORS_HERE , 3108+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , 3109+ "xmlSecNssKeyWrapCtxUpdate" , 3110+ XMLSEC_ERRORS_R_INVALID_STATUS , 3111+ XMLSEC_ERRORS_NO_MESSAGE ) ; 3112+ return(-1); 3113+ } 3114+ } 3115+ 3116+ if( last ) { 3117+ rtv = xmlSecNssKeyWrapCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ; 3118+ if( rtv < 0 ) { 3119+ xmlSecError( XMLSEC_ERRORS_HERE , 3120+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , 3121+ "xmlSecNssKeyWrapCtxFinal" , 3122+ XMLSEC_ERRORS_R_INVALID_STATUS , 3123+ XMLSEC_ERRORS_NO_MESSAGE ) ; 3124+ return(-1); 3125+ } 3126+ transform->status = xmlSecTransformStatusFinished ; 3127+ } 3128+ } else if( transform->status == xmlSecTransformStatusFinished ) { 3129+ if( xmlSecBufferGetSize( inBuf ) != 0 ) { 3130+ xmlSecError( XMLSEC_ERRORS_HERE , 3131+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , 3132+ NULL , 3133+ XMLSEC_ERRORS_R_INVALID_STATUS , 3134+ "status=%d", transform->status ) ; 3135+ return(-1); 3136+ } 3137+ } else { 3138+ xmlSecError( XMLSEC_ERRORS_HERE , 3139+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , 3140+ NULL , 3141+ XMLSEC_ERRORS_R_INVALID_STATUS , 3142+ "status=%d", transform->status ) ; 3143+ return(-1); 3144+ } 3145+ 3146+ return(0); 3147+} 3148+ 3149+#ifndef XMLSEC_NO_AES 3150+ 3151+ 3152+#ifdef __MINGW32__ // for runtime-pseudo-reloc 3153+static struct _xmlSecTransformKlass xmlSecNssKWAes128Klass = { 3154+#else 3155+static xmlSecTransformKlass xmlSecNssKWAes128Klass = { 3156+#endif 3157+ /* klass/object sizes */ 3158+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ 3159+ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ 3160+ 3161+ xmlSecNameKWAes128, /* const xmlChar* name; */ 3162+ xmlSecHrefKWAes128, /* const xmlChar* href; */ 3163+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ 3164+ 3165+ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ 3166+ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ 3167+ NULL, /* xmlSecTransformNodeReadMethod readNode; */ 3168+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ 3169+ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ 3170+ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ 3171+ NULL, /* xmlSecTransformValidateMethod validate; */ 3172+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ 3173+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ 3174+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ 3175+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ 3176+ NULL, /* xmlSecTransformPopXmlMethod popXml; */ 3177+ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ 3178+ 3179+ NULL, /* void* reserved0; */ 3180+ NULL, /* void* reserved1; */ 3181+}; 3182+ 3183+#ifdef __MINGW32__ // for runtime-pseudo-reloc 3184+static struct _xmlSecTransformKlass xmlSecNssKWAes192Klass = { 3185+#else 3186+static xmlSecTransformKlass xmlSecNssKWAes192Klass = { 3187+#endif 3188+ /* klass/object sizes */ 3189+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ 3190+ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ 3191+ 3192+ xmlSecNameKWAes192, /* const xmlChar* name; */ 3193+ xmlSecHrefKWAes192, /* const xmlChar* href; */ 3194+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ 3195+ 3196+ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ 3197+ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ 3198+ NULL, /* xmlSecTransformNodeReadMethod readNode; */ 3199+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ 3200+ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ 3201+ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ 3202+ NULL, /* xmlSecTransformValidateMethod validate; */ 3203+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ 3204+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ 3205+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ 3206+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ 3207+ NULL, /* xmlSecTransformPopXmlMethod popXml; */ 3208+ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ 3209+ 3210+ NULL, /* void* reserved0; */ 3211+ NULL, /* void* reserved1; */ 3212+}; 3213+ 3214+#ifdef __MINGW32__ // for runtime-pseudo-reloc 3215+static struct _xmlSecTransformKlass xmlSecNssKWAes256Klass = { 3216+#else 3217+static xmlSecTransformKlass xmlSecNssKWAes256Klass = { 3218+#endif 3219+ /* klass/object sizes */ 3220+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ 3221+ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ 3222+ 3223+ xmlSecNameKWAes256, /* const xmlChar* name; */ 3224+ xmlSecHrefKWAes256, /* const xmlChar* href; */ 3225+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ 3226+ 3227+ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ 3228+ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ 3229+ NULL, /* xmlSecTransformNodeReadMethod readNode; */ 3230+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ 3231+ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ 3232+ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ 3233+ NULL, /* xmlSecTransformValidateMethod validate; */ 3234+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ 3235+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ 3236+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ 3237+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ 3238+ NULL, /* xmlSecTransformPopXmlMethod popXml; */ 3239+ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ 3240+ 3241+ NULL, /* void* reserved0; */ 3242+ NULL, /* void* reserved1; */ 3243+}; 3244+ 3245+/** 3246+ * xmlSecNssTransformKWAes128GetKlass: 3247+ * 3248+ * The AES-128 key wrapper transform klass. 3249+ * 3250+ * Returns AES-128 key wrapper transform klass. 3251+ */ 3252+xmlSecTransformId 3253+xmlSecNssTransformKWAes128GetKlass(void) { 3254+ return(&xmlSecNssKWAes128Klass); 3255+} 3256+ 3257+/** 3258+ * xmlSecNssTransformKWAes192GetKlass: 3259+ * 3260+ * The AES-192 key wrapper transform klass. 3261+ * 3262+ * Returns AES-192 key wrapper transform klass. 3263+ */ 3264+xmlSecTransformId 3265+xmlSecNssTransformKWAes192GetKlass(void) { 3266+ return(&xmlSecNssKWAes192Klass); 3267+} 3268+ 3269+/** 3270+ * 3271+ * The AES-256 key wrapper transform klass. 3272+ * 3273+ * Returns AES-256 key wrapper transform klass. 3274+ */ 3275+xmlSecTransformId 3276+xmlSecNssTransformKWAes256GetKlass(void) { 3277+ return(&xmlSecNssKWAes256Klass); 3278+} 3279+ 3280+#endif /* XMLSEC_NO_AES */ 3281+ 3282+ 3283+#ifndef XMLSEC_NO_DES 3284+ 3285+#ifdef __MINGW32__ // for runtime-pseudo-reloc 3286+static struct _xmlSecTransformKlass xmlSecNssKWDes3Klass = { 3287+#else 3288+static xmlSecTransformKlass xmlSecNssKWDes3Klass = { 3289+#endif 3290+ /* klass/object sizes */ 3291+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ 3292+ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ 3293+ 3294+ xmlSecNameKWDes3, /* const xmlChar* name; */ 3295+ xmlSecHrefKWDes3, /* const xmlChar* href; */ 3296+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ 3297+ 3298+ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ 3299+ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ 3300+ NULL, /* xmlSecTransformNodeReadMethod readNode; */ 3301+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ 3302+ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ 3303+ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ 3304+ NULL, /* xmlSecTransformValidateMethod validate; */ 3305+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ 3306+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ 3307+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ 3308+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ 3309+ NULL, /* xmlSecTransformPopXmlMethod popXml; */ 3310+ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ 3311+ 3312+ NULL, /* void* reserved0; */ 3313+ NULL, /* void* reserved1; */ 3314+}; 3315+ 3316+/** 3317+ * xmlSecNssTransformKWDes3GetKlass: 3318+ * 3319+ * The Triple DES key wrapper transform klass. 3320+ * 3321+ * Returns Triple DES key wrapper transform klass. 3322+ */ 3323+xmlSecTransformId 3324+xmlSecNssTransformKWDes3GetKlass(void) { 3325+ return(&xmlSecNssKWDes3Klass); 3326+} 3327+ 3328+#endif /* XMLSEC_NO_DES */ 3329+ 3330--- misc/xmlsec1-1.2.14/src/nss/pkikeys.c 2009-06-25 22:53:18.000000000 +0200 3331+++ misc/build/xmlsec1-1.2.14/src/nss/pkikeys.c 2009-09-21 14:02:48.657352624 +0200 3332@@ -24,6 +24,7 @@ 3333 #include <xmlsec/nss/crypto.h> 3334 #include <xmlsec/nss/bignum.h> 3335 #include <xmlsec/nss/pkikeys.h> 3336+#include <xmlsec/nss/tokens.h> 3337 3338 /************************************************************************** 3339 * 3340@@ -115,6 +116,8 @@ 3341 xmlSecNssPKIKeyDataCtxPtr ctxSrc) 3342 { 3343 xmlSecNSSPKIKeyDataCtxFree(ctxDst); 3344+ ctxDst->privkey = NULL ; 3345+ ctxDst->pubkey = NULL ; 3346 if (ctxSrc->privkey != NULL) { 3347 ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey); 3348 if(ctxDst->privkey == NULL) { 3349@@ -588,13 +591,13 @@ 3350 goto done; 3351 } 3352 3353- slot = PK11_GetBestSlot(CKM_DSA, NULL); 3354+ slot = xmlSecNssSlotGet(CKM_DSA); 3355 if(slot == NULL) { 3356 xmlSecError(XMLSEC_ERRORS_HERE, 3357 xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 3358- "PK11_GetBestSlot", 3359+ "xmlSecNssSlotGet", 3360 XMLSEC_ERRORS_R_CRYPTO_FAILED, 3361- XMLSEC_ERRORS_NO_MESSAGE); 3362+ "error code=%d", PORT_GetError()); 3363 ret = -1; 3364 goto done; 3365 } 3366@@ -792,14 +795,14 @@ 3367 if (slot != NULL) { 3368 PK11_FreeSlot(slot); 3369 } 3370- if (ret != 0) { 3371+ 3372 if (pubkey != NULL) { 3373 SECKEY_DestroyPublicKey(pubkey); 3374 } 3375 if (data != NULL) { 3376 xmlSecKeyDataDestroy(data); 3377 } 3378- } 3379+ 3380 return(ret); 3381 } 3382 3383@@ -818,7 +821,7 @@ 3384 3385 ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key)); 3386 xmlSecAssert2(ctx != NULL, -1); 3387- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1); 3388+/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/ 3389 3390 if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) { 3391 /* we can have only private key or public key */ 3392@@ -940,7 +943,8 @@ 3393 xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), 3394 "PK11_PQG_ParamGen", 3395 XMLSEC_ERRORS_R_CRYPTO_FAILED, 3396- "size=%d", sizeBits); 3397+ "size=%d, error code=%d", sizeBits, PORT_GetError()); 3398+ ret = -1; 3399 goto done; 3400 } 3401 3402@@ -950,11 +954,12 @@ 3403 xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), 3404 "PK11_PQG_VerifyParams", 3405 XMLSEC_ERRORS_R_CRYPTO_FAILED, 3406- "size=%d", sizeBits); 3407+ "size=%d, error code=%d", sizeBits, PORT_GetError()); 3408+ ret = -1; 3409 goto done; 3410 } 3411 3412- slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL); 3413+ slot = xmlSecNssSlotGet(CKM_DSA_KEY_PAIR_GEN); 3414 PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */); 3415 privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams, 3416 &pubkey, PR_FALSE, PR_TRUE, NULL); 3417@@ -964,8 +969,9 @@ 3418 xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), 3419 "PK11_GenerateKeyPair", 3420 XMLSEC_ERRORS_R_CRYPTO_FAILED, 3421- XMLSEC_ERRORS_NO_MESSAGE); 3422+ "error code=%d", PORT_GetError()); 3423 3424+ ret = -1; 3425 goto done; 3426 } 3427 3428@@ -979,6 +985,8 @@ 3429 goto done; 3430 } 3431 3432+ privkey = NULL ; 3433+ pubkey = NULL ; 3434 ret = 0; 3435 3436 done: 3437@@ -991,16 +999,13 @@ 3438 if (pqgVerify != NULL) { 3439 PK11_PQG_DestroyVerify(pqgVerify); 3440 } 3441- if (ret == 0) { 3442- return (0); 3443- } 3444 if (pubkey != NULL) { 3445 SECKEY_DestroyPublicKey(pubkey); 3446 } 3447 if (privkey != NULL) { 3448 SECKEY_DestroyPrivateKey(privkey); 3449 } 3450- return(-1); 3451+ return(ret); 3452 } 3453 3454 static xmlSecKeyDataType 3455@@ -1010,10 +1015,10 @@ 3456 xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), xmlSecKeyDataTypeUnknown); 3457 ctx = xmlSecNssPKIKeyDataGetCtx(data); 3458 xmlSecAssert2(ctx != NULL, -1); 3459- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1); 3460+/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/ 3461 if (ctx->privkey != NULL) { 3462 return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic); 3463- } else { 3464+ } else if( ctx->pubkey != NULL ) { 3465 return(xmlSecKeyDataTypePublic); 3466 } 3467 3468@@ -1027,7 +1032,7 @@ 3469 xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), 0); 3470 ctx = xmlSecNssPKIKeyDataGetCtx(data); 3471 xmlSecAssert2(ctx != NULL, -1); 3472- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1); 3473+/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/ 3474 3475 return(8 * SECKEY_PublicKeyStrength(ctx->pubkey)); 3476 } 3477@@ -1216,13 +1221,13 @@ 3478 goto done; 3479 } 3480 3481- slot = PK11_GetBestSlot(CKM_RSA_PKCS, NULL); 3482+ slot = xmlSecNssSlotGet(CKM_RSA_PKCS); 3483 if(slot == NULL) { 3484 xmlSecError(XMLSEC_ERRORS_HERE, 3485 xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 3486- "PK11_GetBestSlot", 3487+ "xmlSecNssSlotGet", 3488 XMLSEC_ERRORS_R_CRYPTO_FAILED, 3489- XMLSEC_ERRORS_NO_MESSAGE); 3490+ "error code=%d", PORT_GetError()); 3491 ret = -1; 3492 goto done; 3493 } 3494@@ -1384,7 +1389,7 @@ 3495 3496 ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key)); 3497 xmlSecAssert2(ctx != NULL, -1); 3498- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1); 3499+/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/ 3500 3501 3502 if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) { 3503@@ -1455,7 +1460,7 @@ 3504 params.keySizeInBits = sizeBits; 3505 params.pe = 65537; 3506 3507- slot = PK11_GetBestSlot(CKM_RSA_PKCS_KEY_PAIR_GEN, NULL); 3508+ slot = xmlSecNssSlotGet(CKM_RSA_PKCS_KEY_PAIR_GEN); 3509 PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */); 3510 privkey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, ¶ms, 3511 &pubkey, PR_FALSE, PR_TRUE, NULL); 3512@@ -1525,7 +1530,7 @@ 3513 3514 ctx = xmlSecNssPKIKeyDataGetCtx(data); 3515 xmlSecAssert2(ctx != NULL, -1); 3516- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1); 3517+/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/ 3518 3519 return(8 * SECKEY_PublicKeyStrength(ctx->pubkey)); 3520 } 3521--- misc/xmlsec1-1.2.14/src/nss/symkeys.c 2009-06-25 22:53:18.000000000 +0200 3522+++ misc/build/xmlsec1-1.2.14/src/nss/symkeys.c 2009-09-21 14:02:48.620574832 +0200 3523@@ -15,20 +15,41 @@ 3524 #include <stdio.h> 3525 #include <string.h> 3526 3527+#include <pk11func.h> 3528+#include <nss.h> 3529+ 3530 #include <xmlsec/xmlsec.h> 3531 #include <xmlsec/xmltree.h> 3532+#include <xmlsec/base64.h> 3533 #include <xmlsec/keys.h> 3534 #include <xmlsec/keyinfo.h> 3535 #include <xmlsec/transforms.h> 3536 #include <xmlsec/errors.h> 3537 3538 #include <xmlsec/nss/crypto.h> 3539+#include <xmlsec/nss/ciphers.h> 3540+#include <xmlsec/nss/tokens.h> 3541 3542 /***************************************************************************** 3543 * 3544- * Symmetic (binary) keys - just a wrapper for xmlSecKeyDataBinary 3545+ * Symmetic (binary) keys - a wrapper over slot information and PK11SymKey 3546 * 3547 ****************************************************************************/ 3548+typedef struct _xmlSecNssSymKeyDataCtx xmlSecNssSymKeyDataCtx ; 3549+typedef struct _xmlSecNssSymKeyDataCtx* xmlSecNssSymKeyDataCtxPtr ; 3550+ 3551+struct _xmlSecNssSymKeyDataCtx { 3552+ CK_MECHANISM_TYPE cipher ; /* the symmetic key mechanism */ 3553+ PK11SlotInfo* slot ; /* the key resident slot */ 3554+ PK11SymKey* symkey ; /* the symmetic key */ 3555+} ; 3556+ 3557+#define xmlSecNssSymKeyDataSize \ 3558+ ( sizeof( xmlSecKeyData ) + sizeof( xmlSecNssSymKeyDataCtx ) ) 3559+ 3560+#define xmlSecNssSymKeyDataGetCtx( data ) \ 3561+ ( ( xmlSecNssSymKeyDataCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyData ) ) ) 3562+ 3563 static int xmlSecNssSymKeyDataInitialize (xmlSecKeyDataPtr data); 3564 static int xmlSecNssSymKeyDataDuplicate (xmlSecKeyDataPtr dst, 3565 xmlSecKeyDataPtr src); 3566@@ -67,107 +88,743 @@ 3567 (xmlSecKeyDataIsValid((data)) && \ 3568 xmlSecNssSymKeyDataKlassCheck((data)->id)) 3569 3570+/** 3571+ * xmlSecNssSymKeyDataAdoptKey: 3572+ * @data: the pointer to symmetric key data. 3573+ * @symkey: the symmetric key 3574+ * 3575+ * Set the value of symmetric key data. 3576+ * 3577+ * Returns 0 on success or a negative value if an error occurs. 3578+ */ 3579+int 3580+xmlSecNssSymKeyDataAdoptKey( 3581+ xmlSecKeyDataPtr data , 3582+ PK11SymKey* symkey 3583+) { 3584+ xmlSecNssSymKeyDataCtxPtr context = NULL ; 3585+ 3586+ xmlSecAssert2( xmlSecNssSymKeyDataCheckId( data ), -1 ) ; 3587+ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), -1 ) ; 3588+ xmlSecAssert2( symkey != NULL, -1 ) ; 3589+ 3590+ context = xmlSecNssSymKeyDataGetCtx( data ) ; 3591+ xmlSecAssert2(context != NULL, -1); 3592+ 3593+ context->cipher = PK11_GetMechanism( symkey ) ; 3594+ 3595+ if( context->slot != NULL ) { 3596+ PK11_FreeSlot( context->slot ) ; 3597+ context->slot = NULL ; 3598+ } 3599+ context->slot = PK11_GetSlotFromKey( symkey ) ; 3600+ 3601+ if( context->symkey != NULL ) { 3602+ PK11_FreeSymKey( context->symkey ) ; 3603+ context->symkey = NULL ; 3604+ } 3605+ context->symkey = PK11_ReferenceSymKey( symkey ) ; 3606+ 3607+ return 0 ; 3608+} 3609+ 3610+xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt( 3611+ PK11SymKey* symKey 3612+) { 3613+ xmlSecKeyDataPtr data = NULL ; 3614+ CK_MECHANISM_TYPE mechanism = CKM_INVALID_MECHANISM ; 3615+ 3616+ xmlSecAssert2( symKey != NULL , NULL ) ; 3617+ 3618+ mechanism = PK11_GetMechanism( symKey ) ; 3619+ switch( mechanism ) { 3620+ case CKM_DES3_KEY_GEN : 3621+ case CKM_DES3_CBC : 3622+ case CKM_DES3_MAC : 3623+ data = xmlSecKeyDataCreate( xmlSecNssKeyDataDesId ) ; 3624+ if( data == NULL ) { 3625+ xmlSecError( XMLSEC_ERRORS_HERE , 3626+ NULL , 3627+ "xmlSecKeyDataCreate" , 3628+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 3629+ "xmlSecNssKeyDataDesId" ) ; 3630+ return NULL ; 3631+ } 3632+ break ; 3633+ case CKM_AES_KEY_GEN : 3634+ case CKM_AES_CBC : 3635+ case CKM_AES_MAC : 3636+ data = xmlSecKeyDataCreate( xmlSecNssKeyDataAesId ) ; 3637+ if( data == NULL ) { 3638+ xmlSecError( XMLSEC_ERRORS_HERE , 3639+ NULL , 3640+ "xmlSecKeyDataCreate" , 3641+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 3642+ "xmlSecNssKeyDataDesId" ) ; 3643+ return NULL ; 3644+ } 3645+ break ; 3646+ default : 3647+ xmlSecError( XMLSEC_ERRORS_HERE , 3648+ NULL , 3649+ NULL , 3650+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 3651+ "Unsupported mechanism" ) ; 3652+ return NULL ; 3653+ } 3654+ 3655+ if( xmlSecNssSymKeyDataAdoptKey( data , symKey ) < 0 ) { 3656+ xmlSecError( XMLSEC_ERRORS_HERE , 3657+ NULL , 3658+ "xmlSecNssSymKeyDataAdoptKey" , 3659+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 3660+ XMLSEC_ERRORS_NO_MESSAGE ) ; 3661+ 3662+ xmlSecKeyDataDestroy( data ) ; 3663+ return NULL ; 3664+ } 3665+ 3666+ return data ; 3667+} 3668+ 3669+ 3670+PK11SymKey* 3671+xmlSecNssSymKeyDataGetKey( 3672+ xmlSecKeyDataPtr data 3673+) { 3674+ xmlSecNssSymKeyDataCtxPtr ctx; 3675+ PK11SymKey* symkey ; 3676+ 3677+ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), NULL); 3678+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), NULL); 3679+ 3680+ ctx = xmlSecNssSymKeyDataGetCtx(data); 3681+ xmlSecAssert2(ctx != NULL, NULL); 3682+ 3683+ if( ctx->symkey != NULL ) { 3684+ symkey = PK11_ReferenceSymKey( ctx->symkey ) ; 3685+ } else { 3686+ symkey = NULL ; 3687+ } 3688+ 3689+ return(symkey); 3690+} 3691+ 3692 static int 3693 xmlSecNssSymKeyDataInitialize(xmlSecKeyDataPtr data) { 3694+ xmlSecNssSymKeyDataCtxPtr ctx; 3695+ 3696 xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1); 3697- 3698- return(xmlSecKeyDataBinaryValueInitialize(data)); 3699+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), -1); 3700+ 3701+ ctx = xmlSecNssSymKeyDataGetCtx(data); 3702+ xmlSecAssert2(ctx != NULL, -1); 3703+ 3704+ memset( ctx, 0, sizeof(xmlSecNssSymKeyDataCtx)); 3705+ 3706+ /* Set the block cipher mechanism */ 3707+#ifndef XMLSEC_NO_DES 3708+ if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) { 3709+ ctx->cipher = CKM_DES3_KEY_GEN; 3710+ } else 3711+#endif /* XMLSEC_NO_DES */ 3712+ 3713+#ifndef XMLSEC_NO_AES 3714+ if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) { 3715+ ctx->cipher = CKM_AES_KEY_GEN; 3716+ } else 3717+#endif /* XMLSEC_NO_AES */ 3718+ 3719+ if(1) { 3720+ xmlSecError( XMLSEC_ERRORS_HERE , 3721+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), 3722+ NULL , 3723+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 3724+ "Unsupported block cipher" ) ; 3725+ return(-1) ; 3726+ } 3727+ 3728+ return(0); 3729 } 3730 3731 static int 3732 xmlSecNssSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { 3733+ xmlSecNssSymKeyDataCtxPtr ctxDst; 3734+ xmlSecNssSymKeyDataCtxPtr ctxSrc; 3735+ 3736 xmlSecAssert2(xmlSecNssSymKeyDataCheckId(dst), -1); 3737+ xmlSecAssert2(xmlSecKeyDataCheckSize(dst, xmlSecNssSymKeyDataSize), -1); 3738 xmlSecAssert2(xmlSecNssSymKeyDataCheckId(src), -1); 3739+ xmlSecAssert2(xmlSecKeyDataCheckSize(src, xmlSecNssSymKeyDataSize), -1); 3740 xmlSecAssert2(dst->id == src->id, -1); 3741- 3742- return(xmlSecKeyDataBinaryValueDuplicate(dst, src)); 3743+ 3744+ ctxDst = xmlSecNssSymKeyDataGetCtx(dst); 3745+ xmlSecAssert2(ctxDst != NULL, -1); 3746+ 3747+ ctxSrc = xmlSecNssSymKeyDataGetCtx(src); 3748+ xmlSecAssert2(ctxSrc != NULL, -1); 3749+ 3750+ ctxDst->cipher = ctxSrc->cipher ; 3751+ 3752+ if( ctxSrc->slot != NULL ) { 3753+ if( ctxDst->slot != NULL && ctxDst->slot != ctxSrc->slot ) { 3754+ PK11_FreeSlot( ctxDst->slot ) ; 3755+ ctxDst->slot = NULL ; 3756+ } 3757+ 3758+ if( ctxDst->slot == NULL && ctxSrc->slot != NULL ) 3759+ ctxDst->slot = PK11_ReferenceSlot( ctxSrc->slot ) ; 3760+ } else { 3761+ if( ctxDst->slot != NULL ) { 3762+ PK11_FreeSlot( ctxDst->slot ) ; 3763+ ctxDst->slot = NULL ; 3764+ } 3765+ } 3766+ 3767+ if( ctxSrc->symkey != NULL ) { 3768+ if( ctxDst->symkey != NULL && ctxDst->symkey != ctxSrc->symkey ) { 3769+ PK11_FreeSymKey( ctxDst->symkey ) ; 3770+ ctxDst->symkey = NULL ; 3771+ } 3772+ 3773+ if( ctxDst->symkey == NULL && ctxSrc->symkey != NULL ) 3774+ ctxDst->symkey = PK11_ReferenceSymKey( ctxSrc->symkey ) ; 3775+ } else { 3776+ if( ctxDst->symkey != NULL ) { 3777+ PK11_FreeSymKey( ctxDst->symkey ) ; 3778+ ctxDst->symkey = NULL ; 3779+ } 3780+ } 3781+ 3782+ return(0); 3783 } 3784 3785 static void 3786 xmlSecNssSymKeyDataFinalize(xmlSecKeyDataPtr data) { 3787+ xmlSecNssSymKeyDataCtxPtr ctx; 3788+ 3789 xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); 3790- 3791- xmlSecKeyDataBinaryValueFinalize(data); 3792+ xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize)); 3793+ 3794+ ctx = xmlSecNssSymKeyDataGetCtx(data); 3795+ xmlSecAssert(ctx != NULL); 3796+ 3797+ if( ctx->slot != NULL ) { 3798+ PK11_FreeSlot( ctx->slot ) ; 3799+ ctx->slot = NULL ; 3800+ } 3801+ 3802+ if( ctx->symkey != NULL ) { 3803+ PK11_FreeSymKey( ctx->symkey ) ; 3804+ ctx->symkey = NULL ; 3805+ } 3806+ 3807+ ctx->cipher = CKM_INVALID_MECHANISM ; 3808 } 3809 3810 static int 3811 xmlSecNssSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, 3812 xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { 3813- xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); 3814+ PK11SymKey* symKey ; 3815+ PK11SlotInfo* slot ; 3816+ xmlSecBufferPtr keyBuf; 3817+ xmlSecSize len; 3818+ xmlSecKeyDataPtr data; 3819+ xmlSecNssSymKeyDataCtxPtr ctx; 3820+ SECItem keyItem ; 3821+ int ret; 3822+ 3823+ xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1); 3824+ xmlSecAssert2(key != NULL, -1); 3825+ xmlSecAssert2(node != NULL, -1); 3826+ xmlSecAssert2(keyInfoCtx != NULL, -1); 3827+ 3828+ /* Create a new KeyData from a id */ 3829+ data = xmlSecKeyDataCreate(id); 3830+ if(data == NULL ) { 3831+ xmlSecError(XMLSEC_ERRORS_HERE, 3832+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 3833+ "xmlSecKeyDataCreate", 3834+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 3835+ XMLSEC_ERRORS_NO_MESSAGE); 3836+ return(-1); 3837+ } 3838+ 3839+ ctx = xmlSecNssSymKeyDataGetCtx(data); 3840+ xmlSecAssert2(ctx != NULL, -1); 3841+ 3842+ /* Create a buffer for raw symmetric key value */ 3843+ if( ( keyBuf = xmlSecBufferCreate( 128 ) ) == NULL ) { 3844+ xmlSecError( XMLSEC_ERRORS_HERE , 3845+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 3846+ "xmlSecBufferCreate" , 3847+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 3848+ XMLSEC_ERRORS_NO_MESSAGE ) ; 3849+ xmlSecKeyDataDestroy( data ) ; 3850+ return(-1) ; 3851+ } 3852+ 3853+ /* Read the raw key value */ 3854+ if( xmlSecBufferBase64NodeContentRead( keyBuf , node ) < 0 ) { 3855+ xmlSecError( XMLSEC_ERRORS_HERE , 3856+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 3857+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)), 3858+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 3859+ XMLSEC_ERRORS_NO_MESSAGE ) ; 3860+ 3861+ xmlSecBufferDestroy( keyBuf ) ; 3862+ xmlSecKeyDataDestroy( data ) ; 3863+ return(-1) ; 3864+ } 3865+ 3866+ /* Get slot */ 3867+ slot = xmlSecNssSlotGet(ctx->cipher); 3868+ if( slot == NULL ) { 3869+ xmlSecError( XMLSEC_ERRORS_HERE , 3870+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 3871+ "xmlSecNssSlotGet" , 3872+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 3873+ XMLSEC_ERRORS_NO_MESSAGE ) ; 3874+ 3875+ xmlSecBufferDestroy( keyBuf ) ; 3876+ xmlSecKeyDataDestroy( data ) ; 3877+ return(-1) ; 3878+ } 3879+ 3880+ /* Wrap the raw key value SECItem */ 3881+ keyItem.type = siBuffer ; 3882+ keyItem.data = xmlSecBufferGetData( keyBuf ) ; 3883+ keyItem.len = xmlSecBufferGetSize( keyBuf ) ; 3884+ 3885+ /* Import the raw key into slot temporalily and get the key handler*/ 3886+ symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ; 3887+ if( symKey == NULL ) { 3888+ xmlSecError( XMLSEC_ERRORS_HERE , 3889+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 3890+ "PK11_ImportSymKey" , 3891+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 3892+ XMLSEC_ERRORS_NO_MESSAGE ) ; 3893+ 3894+ PK11_FreeSlot( slot ) ; 3895+ xmlSecBufferDestroy( keyBuf ) ; 3896+ xmlSecKeyDataDestroy( data ) ; 3897+ return(-1) ; 3898+ } 3899+ PK11_FreeSlot( slot ) ; 3900+ 3901+ /* raw key material has been copied into symKey, it isn't used any more */ 3902+ xmlSecBufferDestroy( keyBuf ) ; 3903+ 3904+ /* Adopt the symmetric key into key data */ 3905+ ret = xmlSecNssSymKeyDataAdoptKey(data, symKey); 3906+ if(ret < 0) { 3907+ xmlSecError(XMLSEC_ERRORS_HERE, 3908+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 3909+ "xmlSecKeyDataBinaryValueSetBuffer", 3910+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 3911+ XMLSEC_ERRORS_NO_MESSAGE); 3912+ PK11_FreeSymKey( symKey ) ; 3913+ xmlSecKeyDataDestroy( data ) ; 3914+ return(-1); 3915+ } 3916+ /* symKey has been duplicated into data, it isn't used any more */ 3917+ PK11_FreeSymKey( symKey ) ; 3918+ 3919+ /* Check value */ 3920+ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) { 3921+ xmlSecError(XMLSEC_ERRORS_HERE, 3922+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 3923+ "xmlSecKeyReqMatchKeyValue", 3924+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 3925+ XMLSEC_ERRORS_NO_MESSAGE); 3926+ xmlSecKeyDataDestroy( data ) ; 3927+ return(0); 3928+ } 3929 3930- return(xmlSecKeyDataBinaryValueXmlRead(id, key, node, keyInfoCtx)); 3931+ ret = xmlSecKeySetValue(key, data); 3932+ if(ret < 0) { 3933+ xmlSecError(XMLSEC_ERRORS_HERE, 3934+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 3935+ "xmlSecKeySetValue", 3936+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 3937+ XMLSEC_ERRORS_NO_MESSAGE); 3938+ xmlSecKeyDataDestroy( data ) ; 3939+ return(-1); 3940+ } 3941+ 3942+ return(0); 3943 } 3944 3945 static int 3946 xmlSecNssSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, 3947 xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { 3948+ PK11SymKey* symKey ; 3949+ 3950 xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); 3951- 3952- return(xmlSecKeyDataBinaryValueXmlWrite(id, key, node, keyInfoCtx)); 3953+ xmlSecAssert2(key != NULL, -1); 3954+ xmlSecAssert2(node != NULL, -1); 3955+ xmlSecAssert2(keyInfoCtx != NULL, -1); 3956+ 3957+ /* Get symmetric key from "key" */ 3958+ symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key)); 3959+ if( symKey != NULL ) { 3960+ SECItem* keyItem ; 3961+ xmlSecBufferPtr keyBuf ; 3962+ 3963+ /* Extract raw key data from symmetric key */ 3964+ if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) { 3965+ xmlSecError(XMLSEC_ERRORS_HERE, 3966+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 3967+ "PK11_ExtractKeyValue", 3968+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 3969+ XMLSEC_ERRORS_NO_MESSAGE); 3970+ PK11_FreeSymKey( symKey ) ; 3971+ return(-1); 3972+ } 3973+ 3974+ /* Get raw key data from "symKey" */ 3975+ keyItem = PK11_GetKeyData( symKey ) ; 3976+ if(keyItem == NULL) { 3977+ xmlSecError(XMLSEC_ERRORS_HERE, 3978+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 3979+ "PK11_GetKeyData", 3980+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 3981+ XMLSEC_ERRORS_NO_MESSAGE); 3982+ PK11_FreeSymKey( symKey ) ; 3983+ return(-1); 3984+ } 3985+ 3986+ /* Create key data buffer with raw kwy material */ 3987+ keyBuf = xmlSecBufferCreate(keyItem->len) ; 3988+ if(keyBuf == NULL) { 3989+ xmlSecError(XMLSEC_ERRORS_HERE, 3990+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 3991+ "xmlSecBufferCreate", 3992+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 3993+ XMLSEC_ERRORS_NO_MESSAGE); 3994+ PK11_FreeSymKey( symKey ) ; 3995+ return(-1); 3996+ } 3997+ 3998+ xmlSecBufferSetData( keyBuf , keyItem->data , keyItem->len ) ; 3999+ 4000+ /* Write raw key material into current xml node */ 4001+ if( xmlSecBufferBase64NodeContentWrite( keyBuf, node, XMLSEC_BASE64_LINESIZE ) < 0 ) { 4002+ xmlSecError(XMLSEC_ERRORS_HERE, 4003+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 4004+ "xmlSecBufferBase64NodeContentWrite", 4005+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 4006+ XMLSEC_ERRORS_NO_MESSAGE); 4007+ xmlSecBufferDestroy(keyBuf); 4008+ PK11_FreeSymKey( symKey ) ; 4009+ return(-1); 4010+ } 4011+ xmlSecBufferDestroy(keyBuf); 4012+ PK11_FreeSymKey( symKey ) ; 4013+ } 4014+ 4015+ return 0 ; 4016 } 4017 4018 static int 4019 xmlSecNssSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key, 4020 const xmlSecByte* buf, xmlSecSize bufSize, 4021 xmlSecKeyInfoCtxPtr keyInfoCtx) { 4022- xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); 4023+ PK11SymKey* symKey ; 4024+ PK11SlotInfo* slot ; 4025+ xmlSecKeyDataPtr data; 4026+ xmlSecNssSymKeyDataCtxPtr ctx; 4027+ SECItem keyItem ; 4028+ int ret; 4029+ 4030+ xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1); 4031+ xmlSecAssert2(key != NULL, -1); 4032+ xmlSecAssert2(buf != NULL, -1); 4033+ xmlSecAssert2(bufSize != 0, -1); 4034+ xmlSecAssert2(keyInfoCtx != NULL, -1); 4035+ 4036+ /* Create a new KeyData from a id */ 4037+ data = xmlSecKeyDataCreate(id); 4038+ if(data == NULL ) { 4039+ xmlSecError(XMLSEC_ERRORS_HERE, 4040+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 4041+ "xmlSecKeyDataCreate", 4042+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 4043+ XMLSEC_ERRORS_NO_MESSAGE); 4044+ return(-1); 4045+ } 4046+ 4047+ ctx = xmlSecNssSymKeyDataGetCtx(data); 4048+ xmlSecAssert2(ctx != NULL, -1); 4049+ 4050+ /* Get slot */ 4051+ slot = xmlSecNssSlotGet(ctx->cipher); 4052+ if( slot == NULL ) { 4053+ xmlSecError( XMLSEC_ERRORS_HERE , 4054+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 4055+ "xmlSecNssSlotGet" , 4056+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 4057+ XMLSEC_ERRORS_NO_MESSAGE ) ; 4058+ xmlSecKeyDataDestroy( data ) ; 4059+ return(-1) ; 4060+ } 4061+ 4062+ /* Wrap the raw key value SECItem */ 4063+ keyItem.type = siBuffer ; 4064+ keyItem.data = buf ; 4065+ keyItem.len = bufSize ; 4066+ 4067+ /* Import the raw key into slot temporalily and get the key handler*/ 4068+ symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ; 4069+ if( symKey == NULL ) { 4070+ xmlSecError( XMLSEC_ERRORS_HERE , 4071+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 4072+ "PK11_ImportSymKey" , 4073+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 4074+ XMLSEC_ERRORS_NO_MESSAGE ) ; 4075+ PK11_FreeSlot( slot ) ; 4076+ xmlSecKeyDataDestroy( data ) ; 4077+ return(-1) ; 4078+ } 4079+ 4080+ /* Adopt the symmetric key into key data */ 4081+ ret = xmlSecNssSymKeyDataAdoptKey(data, symKey); 4082+ if(ret < 0) { 4083+ xmlSecError(XMLSEC_ERRORS_HERE, 4084+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 4085+ "xmlSecKeyDataBinaryValueSetBuffer", 4086+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 4087+ XMLSEC_ERRORS_NO_MESSAGE ) ; 4088+ PK11_FreeSymKey( symKey ) ; 4089+ PK11_FreeSlot( slot ) ; 4090+ xmlSecKeyDataDestroy( data ) ; 4091+ return(-1); 4092+ } 4093+ /* symKey has been duplicated into data, it isn't used any more */ 4094+ PK11_FreeSymKey( symKey ) ; 4095+ PK11_FreeSlot( slot ) ; 4096+ 4097+ /* Check value */ 4098+ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) { 4099+ xmlSecError(XMLSEC_ERRORS_HERE, 4100+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 4101+ "xmlSecKeyReqMatchKeyValue", 4102+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 4103+ XMLSEC_ERRORS_NO_MESSAGE); 4104+ xmlSecKeyDataDestroy( data ) ; 4105+ return(0); 4106+ } 4107 4108- return(xmlSecKeyDataBinaryValueBinRead(id, key, buf, bufSize, keyInfoCtx)); 4109+ ret = xmlSecKeySetValue(key, data); 4110+ if(ret < 0) { 4111+ xmlSecError(XMLSEC_ERRORS_HERE, 4112+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 4113+ "xmlSecKeySetValue", 4114+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 4115+ XMLSEC_ERRORS_NO_MESSAGE); 4116+ xmlSecKeyDataDestroy( data ) ; 4117+ return(-1); 4118+ } 4119+ 4120+ return(0); 4121 } 4122 4123 static int 4124 xmlSecNssSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, 4125 xmlSecByte** buf, xmlSecSize* bufSize, 4126 xmlSecKeyInfoCtxPtr keyInfoCtx) { 4127+ PK11SymKey* symKey ; 4128+ 4129 xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); 4130+ xmlSecAssert2(key != NULL, -1); 4131+ xmlSecAssert2(buf != NULL, -1); 4132+ xmlSecAssert2(bufSize != 0, -1); 4133+ xmlSecAssert2(keyInfoCtx != NULL, -1); 4134+ 4135+ /* Get symmetric key from "key" */ 4136+ symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key)); 4137+ if( symKey != NULL ) { 4138+ SECItem* keyItem ; 4139+ 4140+ /* Extract raw key data from symmetric key */ 4141+ if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) { 4142+ xmlSecError(XMLSEC_ERRORS_HERE, 4143+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 4144+ "PK11_ExtractKeyValue", 4145+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 4146+ XMLSEC_ERRORS_NO_MESSAGE); 4147+ PK11_FreeSymKey( symKey ) ; 4148+ return(-1); 4149+ } 4150+ 4151+ /* Get raw key data from "symKey" */ 4152+ keyItem = PK11_GetKeyData( symKey ) ; 4153+ if(keyItem == NULL) { 4154+ xmlSecError(XMLSEC_ERRORS_HERE, 4155+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 4156+ "PK11_GetKeyData", 4157+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 4158+ XMLSEC_ERRORS_NO_MESSAGE); 4159+ PK11_FreeSymKey( symKey ) ; 4160+ return(-1); 4161+ } 4162+ 4163+ *bufSize = keyItem->len; 4164+ *buf = ( xmlSecByte* )xmlMalloc( *bufSize ); 4165+ if( *buf == NULL ) { 4166+ xmlSecError(XMLSEC_ERRORS_HERE, 4167+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 4168+ NULL, 4169+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 4170+ XMLSEC_ERRORS_NO_MESSAGE); 4171+ PK11_FreeSymKey( symKey ) ; 4172+ return(-1); 4173+ } 4174+ 4175+ memcpy((*buf), keyItem->data, (*bufSize)); 4176+ PK11_FreeSymKey( symKey ) ; 4177+ } 4178 4179- return(xmlSecKeyDataBinaryValueBinWrite(id, key, buf, bufSize, keyInfoCtx)); 4180+ return 0 ; 4181 } 4182 4183 static int 4184 xmlSecNssSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) { 4185- xmlSecBufferPtr buffer; 4186+ PK11SymKey* symkey ; 4187+ PK11SlotInfo* slot ; 4188+ xmlSecNssSymKeyDataCtxPtr ctx; 4189+ int ret; 4190 4191 xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1); 4192 xmlSecAssert2(sizeBits > 0, -1); 4193 4194- buffer = xmlSecKeyDataBinaryValueGetBuffer(data); 4195- xmlSecAssert2(buffer != NULL, -1); 4196- 4197- return(xmlSecNssGenerateRandom(buffer, (sizeBits + 7) / 8)); 4198+ ctx = xmlSecNssSymKeyDataGetCtx(data); 4199+ xmlSecAssert2(ctx != NULL, -1); 4200+ 4201+ if( sizeBits % 8 != 0 ) { 4202+ xmlSecError(XMLSEC_ERRORS_HERE, 4203+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), 4204+ NULL, 4205+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 4206+ "Symmetric key size must be octuple"); 4207+ return(-1); 4208+ } 4209+ 4210+ /* Get slot */ 4211+ slot = xmlSecNssSlotGet(ctx->cipher); 4212+ if( slot == NULL ) { 4213+ xmlSecError( XMLSEC_ERRORS_HERE , 4214+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), 4215+ "xmlSecNssSlotGet" , 4216+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 4217+ XMLSEC_ERRORS_NO_MESSAGE ) ; 4218+ return(-1) ; 4219+ } 4220+ 4221+ if( PK11_Authenticate( slot, PR_FALSE , NULL ) != SECSuccess ) { 4222+ xmlSecError( XMLSEC_ERRORS_HERE , 4223+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , 4224+ "PK11_Authenticate" , 4225+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 4226+ XMLSEC_ERRORS_NO_MESSAGE ) ; 4227+ PK11_FreeSlot( slot ) ; 4228+ return -1 ; 4229+ } 4230+ 4231+ symkey = PK11_KeyGen( slot , ctx->cipher , NULL , sizeBits/8 , NULL ) ; 4232+ if( symkey == NULL ) { 4233+ xmlSecError( XMLSEC_ERRORS_HERE , 4234+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , 4235+ "PK11_KeyGen" , 4236+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 4237+ XMLSEC_ERRORS_NO_MESSAGE ) ; 4238+ PK11_FreeSlot( slot ) ; 4239+ return -1 ; 4240+ } 4241+ 4242+ if( ctx->slot != NULL ) { 4243+ PK11_FreeSlot( ctx->slot ) ; 4244+ ctx->slot = NULL ; 4245+ } 4246+ ctx->slot = slot ; 4247+ 4248+ if( ctx->symkey != NULL ) { 4249+ PK11_FreeSymKey( ctx->symkey ) ; 4250+ ctx->symkey = NULL ; 4251+ } 4252+ ctx->symkey = symkey ; 4253+ 4254+ return 0; 4255 } 4256 4257 static xmlSecKeyDataType 4258 xmlSecNssSymKeyDataGetType(xmlSecKeyDataPtr data) { 4259- xmlSecBufferPtr buffer; 4260+ xmlSecNssSymKeyDataCtxPtr context = NULL ; 4261+ xmlSecKeyDataType type = xmlSecKeyDataTypeUnknown ; 4262 4263 xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown); 4264+ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), xmlSecKeyDataTypeUnknown ) ; 4265 4266- buffer = xmlSecKeyDataBinaryValueGetBuffer(data); 4267- xmlSecAssert2(buffer != NULL, xmlSecKeyDataTypeUnknown); 4268+ context = xmlSecNssSymKeyDataGetCtx( data ) ; 4269+ if( context == NULL ) { 4270+ xmlSecError( XMLSEC_ERRORS_HERE , 4271+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , 4272+ "xmlSecNssSymKeyDataGetCtx" , 4273+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 4274+ XMLSEC_ERRORS_NO_MESSAGE ) ; 4275+ return xmlSecKeyDataTypeUnknown ; 4276+ } 4277 4278- return((xmlSecBufferGetSize(buffer) > 0) ? xmlSecKeyDataTypeSymmetric : xmlSecKeyDataTypeUnknown); 4279+ if( context->symkey != NULL ) { 4280+ type |= xmlSecKeyDataTypeSymmetric ; 4281+ } else { 4282+ type |= xmlSecKeyDataTypeUnknown ; 4283+ } 4284+ 4285+ return type ; 4286 } 4287 4288 static xmlSecSize 4289 xmlSecNssSymKeyDataGetSize(xmlSecKeyDataPtr data) { 4290+ xmlSecNssSymKeyDataCtxPtr context ; 4291+ unsigned int length = 0 ; 4292+ 4293 xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), 0); 4294+ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), 0 ) ; 4295+ context = xmlSecNssSymKeyDataGetCtx( data ) ; 4296+ if( context == NULL ) { 4297+ xmlSecError( XMLSEC_ERRORS_HERE , 4298+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , 4299+ "xmlSecNssSymKeyDataGetCtx" , 4300+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 4301+ XMLSEC_ERRORS_NO_MESSAGE ) ; 4302+ return 0 ; 4303+ } 4304+ 4305+ if( context->symkey != NULL ) { 4306+ length = PK11_GetKeyLength( context->symkey ) ; 4307+ length *= 8 ; 4308+ } 4309 4310- return(xmlSecKeyDataBinaryValueGetSize(data)); 4311+ return length ; 4312 } 4313 4314 static void 4315 xmlSecNssSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) { 4316 xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); 4317 4318- xmlSecKeyDataBinaryValueDebugDump(data, output); 4319+ /* print only size, everything else is sensitive */ 4320+ fprintf( output , "=== %s: size=%d\n" , data->id->dataNodeName , 4321+ xmlSecKeyDataGetSize(data)) ; 4322 } 4323 4324 static void 4325 xmlSecNssSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { 4326 xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); 4327- 4328- xmlSecKeyDataBinaryValueDebugXmlDump(data, output); 4329+ 4330+ /* print only size, everything else is sensitive */ 4331+ fprintf( output , "<%s size=\"%d\" />\n" , data->id->dataNodeName , 4332+ xmlSecKeyDataGetSize(data)) ; 4333 } 4334 4335 static int 4336@@ -201,7 +858,7 @@ 4337 *************************************************************************/ 4338 static xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = { 4339 sizeof(xmlSecKeyDataKlass), 4340- xmlSecKeyDataBinarySize, 4341+ xmlSecNssSymKeyDataSize, 4342 4343 /* data */ 4344 xmlSecNameAESKeyValue, 4345@@ -282,7 +939,7 @@ 4346 *************************************************************************/ 4347 static xmlSecKeyDataKlass xmlSecNssKeyDataDesKlass = { 4348 sizeof(xmlSecKeyDataKlass), 4349- xmlSecKeyDataBinarySize, 4350+ xmlSecNssSymKeyDataSize, 4351 4352 /* data */ 4353 xmlSecNameDESKeyValue, 4354@@ -364,7 +1021,7 @@ 4355 *************************************************************************/ 4356 static xmlSecKeyDataKlass xmlSecNssKeyDataHmacKlass = { 4357 sizeof(xmlSecKeyDataKlass), 4358- xmlSecKeyDataBinarySize, 4359+ xmlSecNssSymKeyDataSize, 4360 4361 /* data */ 4362 xmlSecNameHMACKeyValue, 4363--- misc/xmlsec1-1.2.14/src/nss/tokens.c 2009-09-21 14:07:19.249145861 +0200 4364+++ misc/build/xmlsec1-1.2.14/src/nss/tokens.c 2009-09-21 14:02:48.556772442 +0200 4365@@ -1 +1,548 @@ 4366-dummy 4367+/** 4368+ * XMLSec library 4369+ * 4370+ * This is free software; see Copyright file in the source 4371+ * distribution for preciese wording. 4372+ * 4373+ * Copyright.................................. 4374+ * 4375+ * Contributor(s): _____________________________ 4376+ * 4377+ */ 4378+ 4379+/** 4380+ * In order to ensure that particular crypto operation is performed on 4381+ * particular crypto device, a subclass of xmlSecList is used to store slot and 4382+ * mechanism information. 4383+ * 4384+ * In the list, a slot is bound with a mechanism. If the mechanism is available, 4385+ * this mechanism only can perform on the slot; otherwise, it can perform on 4386+ * every eligibl slot in the list. 4387+ * 4388+ * When try to find a slot for a particular mechanism, the slot bound with 4389+ * available mechanism will be looked up firstly. 4390+ */ 4391+#include "globals.h" 4392+#include <string.h> 4393+ 4394+#include <xmlsec/xmlsec.h> 4395+#include <xmlsec/errors.h> 4396+#include <xmlsec/list.h> 4397+ 4398+#include <xmlsec/nss/tokens.h> 4399+ 4400+int 4401+xmlSecNssKeySlotSetMechList( 4402+ xmlSecNssKeySlotPtr keySlot , 4403+ CK_MECHANISM_TYPE_PTR mechanismList 4404+) { 4405+ int counter ; 4406+ 4407+ xmlSecAssert2( keySlot != NULL , -1 ) ; 4408+ 4409+ if( keySlot->mechanismList != CK_NULL_PTR ) { 4410+ xmlFree( keySlot->mechanismList ) ; 4411+ 4412+ for( counter = 0 ; *( mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ; 4413+ keySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ; 4414+ if( keySlot->mechanismList == NULL ) { 4415+ xmlSecError( XMLSEC_ERRORS_HERE , 4416+ NULL , 4417+ NULL , 4418+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 4419+ XMLSEC_ERRORS_NO_MESSAGE ) ; 4420+ return( -1 ); 4421+ } 4422+ for( ; counter >= 0 ; counter -- ) 4423+ *( keySlot->mechanismList + counter ) = *( mechanismList + counter ) ; 4424+ } 4425+ 4426+ return( 0 ); 4427+} 4428+ 4429+int 4430+xmlSecNssKeySlotEnableMech( 4431+ xmlSecNssKeySlotPtr keySlot , 4432+ CK_MECHANISM_TYPE mechanism 4433+) { 4434+ int counter ; 4435+ CK_MECHANISM_TYPE_PTR newList ; 4436+ 4437+ xmlSecAssert2( keySlot != NULL , -1 ) ; 4438+ 4439+ if( mechanism != CKM_INVALID_MECHANISM ) { 4440+ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ; 4441+ newList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ; 4442+ if( newList == NULL ) { 4443+ xmlSecError( XMLSEC_ERRORS_HERE , 4444+ NULL , 4445+ NULL , 4446+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 4447+ XMLSEC_ERRORS_NO_MESSAGE ) ; 4448+ return( -1 ); 4449+ } 4450+ *( newList + counter + 1 ) = CKM_INVALID_MECHANISM ; 4451+ *( newList + counter ) = mechanism ; 4452+ for( counter -= 1 ; counter >= 0 ; counter -- ) 4453+ *( newList + counter ) = *( keySlot->mechanismList + counter ) ; 4454+ 4455+ xmlFree( keySlot->mechanismList ) ; 4456+ keySlot->mechanismList = newList ; 4457+ } 4458+ 4459+ return(0); 4460+} 4461+ 4462+int 4463+xmlSecNssKeySlotDisableMech( 4464+ xmlSecNssKeySlotPtr keySlot , 4465+ CK_MECHANISM_TYPE mechanism 4466+) { 4467+ int counter ; 4468+ 4469+ xmlSecAssert2( keySlot != NULL , -1 ) ; 4470+ 4471+ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) { 4472+ if( *( keySlot->mechanismList + counter ) == mechanism ) { 4473+ for( ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) { 4474+ *( keySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter + 1 ) ; 4475+ } 4476+ 4477+ break ; 4478+ } 4479+ } 4480+ 4481+ return(0); 4482+} 4483+ 4484+CK_MECHANISM_TYPE_PTR 4485+xmlSecNssKeySlotGetMechList( 4486+ xmlSecNssKeySlotPtr keySlot 4487+) { 4488+ if( keySlot != NULL ) 4489+ return keySlot->mechanismList ; 4490+ else 4491+ return NULL ; 4492+} 4493+ 4494+int 4495+xmlSecNssKeySlotSetSlot( 4496+ xmlSecNssKeySlotPtr keySlot , 4497+ PK11SlotInfo* slot 4498+) { 4499+ xmlSecAssert2( keySlot != NULL , -1 ) ; 4500+ 4501+ if( slot != NULL && keySlot->slot != slot ) { 4502+ if( keySlot->slot != NULL ) 4503+ PK11_FreeSlot( keySlot->slot ) ; 4504+ 4505+ if( keySlot->mechanismList != NULL ) { 4506+ xmlFree( keySlot->mechanismList ) ; 4507+ keySlot->mechanismList = NULL ; 4508+ } 4509+ 4510+ keySlot->slot = PK11_ReferenceSlot( slot ) ; 4511+ } 4512+ 4513+ return(0); 4514+} 4515+ 4516+int 4517+xmlSecNssKeySlotInitialize( 4518+ xmlSecNssKeySlotPtr keySlot , 4519+ PK11SlotInfo* slot 4520+) { 4521+ xmlSecAssert2( keySlot != NULL , -1 ) ; 4522+ xmlSecAssert2( keySlot->slot == NULL , -1 ) ; 4523+ xmlSecAssert2( keySlot->mechanismList == NULL , -1 ) ; 4524+ 4525+ if( slot != NULL ) { 4526+ keySlot->slot = PK11_ReferenceSlot( slot ) ; 4527+ } 4528+ 4529+ return(0); 4530+} 4531+ 4532+void 4533+xmlSecNssKeySlotFinalize( 4534+ xmlSecNssKeySlotPtr keySlot 4535+) { 4536+ xmlSecAssert( keySlot != NULL ) ; 4537+ 4538+ if( keySlot->mechanismList != NULL ) { 4539+ xmlFree( keySlot->mechanismList ) ; 4540+ keySlot->mechanismList = NULL ; 4541+ } 4542+ 4543+ if( keySlot->slot != NULL ) { 4544+ PK11_FreeSlot( keySlot->slot ) ; 4545+ keySlot->slot = NULL ; 4546+ } 4547+ 4548+} 4549+ 4550+PK11SlotInfo* 4551+xmlSecNssKeySlotGetSlot( 4552+ xmlSecNssKeySlotPtr keySlot 4553+) { 4554+ if( keySlot != NULL ) 4555+ return keySlot->slot ; 4556+ else 4557+ return NULL ; 4558+} 4559+ 4560+xmlSecNssKeySlotPtr 4561+xmlSecNssKeySlotCreate() { 4562+ xmlSecNssKeySlotPtr keySlot ; 4563+ 4564+ /* Allocates a new xmlSecNssKeySlot and fill the fields */ 4565+ keySlot = ( xmlSecNssKeySlotPtr )xmlMalloc( sizeof( xmlSecNssKeySlot ) ) ; 4566+ if( keySlot == NULL ) { 4567+ xmlSecError( XMLSEC_ERRORS_HERE , 4568+ NULL , 4569+ NULL , 4570+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 4571+ XMLSEC_ERRORS_NO_MESSAGE ) ; 4572+ return( NULL ); 4573+ } 4574+ memset( keySlot, 0, sizeof( xmlSecNssKeySlot ) ) ; 4575+ 4576+ return( keySlot ) ; 4577+} 4578+ 4579+int 4580+xmlSecNssKeySlotCopy( 4581+ xmlSecNssKeySlotPtr newKeySlot , 4582+ xmlSecNssKeySlotPtr keySlot 4583+) { 4584+ CK_MECHANISM_TYPE_PTR mech ; 4585+ int counter ; 4586+ 4587+ xmlSecAssert2( newKeySlot != NULL , -1 ) ; 4588+ xmlSecAssert2( keySlot != NULL , -1 ) ; 4589+ 4590+ if( keySlot->slot != NULL && newKeySlot->slot != keySlot->slot ) { 4591+ if( newKeySlot->slot != NULL ) 4592+ PK11_FreeSlot( newKeySlot->slot ) ; 4593+ 4594+ newKeySlot->slot = PK11_ReferenceSlot( keySlot->slot ) ; 4595+ } 4596+ 4597+ if( keySlot->mechanismList != CK_NULL_PTR ) { 4598+ xmlFree( newKeySlot->mechanismList ) ; 4599+ 4600+ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ; 4601+ newKeySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ; 4602+ if( newKeySlot->mechanismList == NULL ) { 4603+ xmlSecError( XMLSEC_ERRORS_HERE , 4604+ NULL , 4605+ NULL , 4606+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 4607+ XMLSEC_ERRORS_NO_MESSAGE ) ; 4608+ return( -1 ); 4609+ } 4610+ for( ; counter >= 0 ; counter -- ) 4611+ *( newKeySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter ) ; 4612+ } 4613+ 4614+ return( 0 ); 4615+} 4616+ 4617+xmlSecNssKeySlotPtr 4618+xmlSecNssKeySlotDuplicate( 4619+ xmlSecNssKeySlotPtr keySlot 4620+) { 4621+ xmlSecNssKeySlotPtr newKeySlot ; 4622+ int ret ; 4623+ 4624+ xmlSecAssert2( keySlot != NULL , NULL ) ; 4625+ 4626+ newKeySlot = xmlSecNssKeySlotCreate() ; 4627+ if( newKeySlot == NULL ) { 4628+ xmlSecError( XMLSEC_ERRORS_HERE , 4629+ NULL , 4630+ NULL , 4631+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 4632+ XMLSEC_ERRORS_NO_MESSAGE ) ; 4633+ return( NULL ); 4634+ } 4635+ 4636+ if( xmlSecNssKeySlotCopy( newKeySlot, keySlot ) < 0 ) { 4637+ xmlSecError( XMLSEC_ERRORS_HERE , 4638+ NULL , 4639+ NULL , 4640+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 4641+ XMLSEC_ERRORS_NO_MESSAGE ) ; 4642+ return( NULL ); 4643+ } 4644+ 4645+ return( newKeySlot ); 4646+} 4647+ 4648+void 4649+xmlSecNssKeySlotDestroy( 4650+ xmlSecNssKeySlotPtr keySlot 4651+) { 4652+ xmlSecAssert( keySlot != NULL ) ; 4653+ 4654+ if( keySlot->mechanismList != NULL ) 4655+ xmlFree( keySlot->mechanismList ) ; 4656+ 4657+ if( keySlot->slot != NULL ) 4658+ PK11_FreeSlot( keySlot->slot ) ; 4659+ 4660+ xmlFree( keySlot ) ; 4661+} 4662+ 4663+int 4664+xmlSecNssKeySlotBindMech( 4665+ xmlSecNssKeySlotPtr keySlot , 4666+ CK_MECHANISM_TYPE type 4667+) { 4668+ int counter ; 4669+ 4670+ xmlSecAssert2( keySlot != NULL , 0 ) ; 4671+ xmlSecAssert2( keySlot->slot != NULL , 0 ) ; 4672+ xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ; 4673+ 4674+ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) { 4675+ if( *( keySlot->mechanismList + counter ) == type ) 4676+ return(1) ; 4677+ } 4678+ 4679+ return( 0 ) ; 4680+} 4681+ 4682+int 4683+xmlSecNssKeySlotSupportMech( 4684+ xmlSecNssKeySlotPtr keySlot , 4685+ CK_MECHANISM_TYPE type 4686+) { 4687+ xmlSecAssert2( keySlot != NULL , 0 ) ; 4688+ xmlSecAssert2( keySlot->slot != NULL , 0 ) ; 4689+ xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ; 4690+ 4691+ if( PK11_DoesMechanism( keySlot->slot , type ) == PR_TRUE ) { 4692+ return(1); 4693+ } else 4694+ return(0); 4695+} 4696+ 4697+void 4698+xmlSecNssKeySlotDebugDump( 4699+ xmlSecNssKeySlotPtr keySlot , 4700+ FILE* output 4701+) { 4702+ xmlSecAssert( keySlot != NULL ) ; 4703+ xmlSecAssert( output != NULL ) ; 4704+ 4705+ fprintf( output, "== KEY SLOT\n" ); 4706+} 4707+ 4708+void 4709+xmlSecNssKeySlotDebugXmlDump( 4710+ xmlSecNssKeySlotPtr keySlot , 4711+ FILE* output 4712+) { 4713+} 4714+ 4715+/** 4716+ * Key Slot List 4717+ */ 4718+#ifdef __MINGW32__ // for runtime-pseudo-reloc 4719+static struct _xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = { 4720+#else 4721+static xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = { 4722+#endif 4723+ BAD_CAST "mechanism-list", 4724+ (xmlSecPtrDuplicateItemMethod)xmlSecNssKeySlotDuplicate, 4725+ (xmlSecPtrDestroyItemMethod)xmlSecNssKeySlotDestroy, 4726+ (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugDump, 4727+ (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugXmlDump, 4728+}; 4729+ 4730+xmlSecPtrListId 4731+xmlSecNssKeySlotListGetKlass(void) { 4732+ return(&xmlSecNssKeySlotPtrListKlass); 4733+} 4734+ 4735+ 4736+/*- 4737+ * Global PKCS#11 crypto token repository -- Key slot list 4738+ */ 4739+static xmlSecPtrListPtr _xmlSecNssKeySlotList = NULL ; 4740+ 4741+PK11SlotInfo* 4742+xmlSecNssSlotGet( 4743+ CK_MECHANISM_TYPE type 4744+) { 4745+ PK11SlotInfo* slot = NULL ; 4746+ xmlSecNssKeySlotPtr keySlot ; 4747+ xmlSecSize ksSize ; 4748+ xmlSecSize ksPos ; 4749+ char flag ; 4750+ 4751+ if( _xmlSecNssKeySlotList == NULL ) { 4752+ slot = PK11_GetBestSlot( type , NULL ) ; 4753+ } else { 4754+ ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ; 4755+ 4756+ /*- 4757+ * Firstly, checking whether the mechanism is bound with a special slot. 4758+ * If no bound slot, we try to find the first eligible slot in the list. 4759+ */ 4760+ for( flag = 0, ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) { 4761+ keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ; 4762+ if( keySlot != NULL && xmlSecNssKeySlotBindMech( keySlot, type ) ) { 4763+ slot = xmlSecNssKeySlotGetSlot( keySlot ) ; 4764+ flag = 2 ; 4765+ } else if( flag == 0 && xmlSecNssKeySlotSupportMech( keySlot, type ) ) { 4766+ slot = xmlSecNssKeySlotGetSlot( keySlot ) ; 4767+ flag = 1 ; 4768+ } 4769+ 4770+ if( flag == 2 ) 4771+ break ; 4772+ } 4773+ if( slot != NULL ) 4774+ slot = PK11_ReferenceSlot( slot ) ; 4775+ } 4776+ 4777+ if( slot != NULL && PK11_NeedLogin( slot ) ) { 4778+ if( PK11_Authenticate( slot , PR_TRUE , NULL ) != SECSuccess ) { 4779+ xmlSecError( XMLSEC_ERRORS_HERE , 4780+ NULL , 4781+ NULL , 4782+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 4783+ XMLSEC_ERRORS_NO_MESSAGE ) ; 4784+ PK11_FreeSlot( slot ) ; 4785+ return( NULL ); 4786+ } 4787+ } 4788+ 4789+ return slot ; 4790+} 4791+ 4792+int 4793+xmlSecNssSlotInitialize( 4794+ void 4795+) { 4796+ if( _xmlSecNssKeySlotList != NULL ) { 4797+ xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ; 4798+ _xmlSecNssKeySlotList = NULL ; 4799+ } 4800+ 4801+ _xmlSecNssKeySlotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ; 4802+ if( _xmlSecNssKeySlotList == NULL ) { 4803+ xmlSecError( XMLSEC_ERRORS_HERE , 4804+ NULL , 4805+ NULL , 4806+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 4807+ XMLSEC_ERRORS_NO_MESSAGE ) ; 4808+ return( -1 ); 4809+ } 4810+ 4811+ return(0); 4812+} 4813+ 4814+void 4815+xmlSecNssSlotShutdown( 4816+ void 4817+) { 4818+ if( _xmlSecNssKeySlotList != NULL ) { 4819+ xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ; 4820+ _xmlSecNssKeySlotList = NULL ; 4821+ } 4822+} 4823+ 4824+int 4825+xmlSecNssSlotAdopt( 4826+ PK11SlotInfo* slot, 4827+ CK_MECHANISM_TYPE type 4828+) { 4829+ xmlSecNssKeySlotPtr keySlot ; 4830+ xmlSecSize ksSize ; 4831+ xmlSecSize ksPos ; 4832+ char flag ; 4833+ 4834+ xmlSecAssert2( _xmlSecNssKeySlotList != NULL, -1 ) ; 4835+ xmlSecAssert2( slot != NULL, -1 ) ; 4836+ 4837+ ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ; 4838+ 4839+ /*- 4840+ * Firstly, checking whether the slot is in the repository already. 4841+ */ 4842+ flag = 0 ; 4843+ for( ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) { 4844+ keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ; 4845+ /* If find the slot in the list */ 4846+ if( keySlot != NULL && xmlSecNssKeySlotGetSlot( keySlot ) == slot ) { 4847+ /* If mechnism type is valid, bind the slot with the mechanism */ 4848+ if( type != CKM_INVALID_MECHANISM ) { 4849+ if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) { 4850+ xmlSecError( XMLSEC_ERRORS_HERE , 4851+ NULL , 4852+ NULL , 4853+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 4854+ XMLSEC_ERRORS_NO_MESSAGE ) ; 4855+ return(-1); 4856+ } 4857+ } 4858+ 4859+ flag = 1 ; 4860+ } 4861+ } 4862+ 4863+ /* If the slot do not in the list, add a new item to the list */ 4864+ if( flag == 0 ) { 4865+ /* Create a new KeySlot */ 4866+ keySlot = xmlSecNssKeySlotCreate() ; 4867+ if( keySlot == NULL ) { 4868+ xmlSecError( XMLSEC_ERRORS_HERE , 4869+ NULL , 4870+ NULL , 4871+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 4872+ XMLSEC_ERRORS_NO_MESSAGE ) ; 4873+ return(-1); 4874+ } 4875+ 4876+ /* Initialize the keySlot with a slot */ 4877+ if( xmlSecNssKeySlotInitialize( keySlot, slot ) < 0 ) { 4878+ xmlSecError( XMLSEC_ERRORS_HERE , 4879+ NULL , 4880+ NULL , 4881+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 4882+ XMLSEC_ERRORS_NO_MESSAGE ) ; 4883+ xmlSecNssKeySlotDestroy( keySlot ) ; 4884+ return(-1); 4885+ } 4886+ 4887+ /* If mechnism type is valid, bind the slot with the mechanism */ 4888+ if( type != CKM_INVALID_MECHANISM ) { 4889+ if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) { 4890+ xmlSecError( XMLSEC_ERRORS_HERE , 4891+ NULL , 4892+ NULL , 4893+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 4894+ XMLSEC_ERRORS_NO_MESSAGE ) ; 4895+ xmlSecNssKeySlotDestroy( keySlot ) ; 4896+ return(-1); 4897+ } 4898+ } 4899+ 4900+ /* Add keySlot into the list */ 4901+ if( xmlSecPtrListAdd( _xmlSecNssKeySlotList, keySlot ) < 0 ) { 4902+ xmlSecError( XMLSEC_ERRORS_HERE , 4903+ NULL , 4904+ NULL , 4905+ XMLSEC_ERRORS_R_XMLSEC_FAILED , 4906+ XMLSEC_ERRORS_NO_MESSAGE ) ; 4907+ xmlSecNssKeySlotDestroy( keySlot ) ; 4908+ return(-1); 4909+ } 4910+ } 4911+ 4912+ return(0); 4913+} 4914+ 4915--- misc/xmlsec1-1.2.14/src/nss/x509.c 2009-06-25 22:53:18.000000000 +0200 4916+++ misc/build/xmlsec1-1.2.14/src/nss/x509.c 2009-09-21 14:02:48.642312431 +0200 4917@@ -34,7 +34,6 @@ 4918 #include <xmlsec/keys.h> 4919 #include <xmlsec/keyinfo.h> 4920 #include <xmlsec/keysmngr.h> 4921-#include <xmlsec/x509.h> 4922 #include <xmlsec/base64.h> 4923 #include <xmlsec/errors.h> 4924 4925@@ -61,33 +60,18 @@ 4926 static int xmlSecNssX509CertificateNodeRead (xmlSecKeyDataPtr data, 4927 xmlNodePtr node, 4928 xmlSecKeyInfoCtxPtr keyInfoCtx); 4929-static int xmlSecNssX509CertificateNodeWrite (CERTCertificate* cert, 4930- xmlNodePtr node, 4931- xmlSecKeyInfoCtxPtr keyInfoCtx); 4932 static int xmlSecNssX509SubjectNameNodeRead (xmlSecKeyDataPtr data, 4933 xmlNodePtr node, 4934 xmlSecKeyInfoCtxPtr keyInfoCtx); 4935-static int xmlSecNssX509SubjectNameNodeWrite (CERTCertificate* cert, 4936- xmlNodePtr node, 4937- xmlSecKeyInfoCtxPtr keyInfoCtx); 4938 static int xmlSecNssX509IssuerSerialNodeRead (xmlSecKeyDataPtr data, 4939 xmlNodePtr node, 4940 xmlSecKeyInfoCtxPtr keyInfoCtx); 4941-static int xmlSecNssX509IssuerSerialNodeWrite (CERTCertificate* cert, 4942- xmlNodePtr node, 4943- xmlSecKeyInfoCtxPtr keyInfoCtx); 4944 static int xmlSecNssX509SKINodeRead (xmlSecKeyDataPtr data, 4945 xmlNodePtr node, 4946 xmlSecKeyInfoCtxPtr keyInfoCtx); 4947-static int xmlSecNssX509SKINodeWrite (CERTCertificate* cert, 4948- xmlNodePtr node, 4949- xmlSecKeyInfoCtxPtr keyInfoCtx); 4950 static int xmlSecNssX509CRLNodeRead (xmlSecKeyDataPtr data, 4951 xmlNodePtr node, 4952 xmlSecKeyInfoCtxPtr keyInfoCtx); 4953-static int xmlSecNssX509CRLNodeWrite (CERTSignedCrl* crl, 4954- xmlNodePtr node, 4955- xmlSecKeyInfoCtxPtr keyInfoCtx); 4956 static int xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, 4957 xmlSecKeyPtr key, 4958 xmlSecKeyInfoCtxPtr keyInfoCtx); 4959@@ -104,9 +88,6 @@ 4960 xmlSecKeyInfoCtxPtr keyInfoCtx); 4961 static xmlChar* xmlSecNssX509CrlBase64DerWrite (CERTSignedCrl* crl, 4962 int base64LineWrap); 4963-static xmlChar* xmlSecNssX509NameWrite (CERTName* nm); 4964-static xmlChar* xmlSecNssASN1IntegerWrite (SECItem *num); 4965-static xmlChar* xmlSecNssX509SKIWrite (CERTCertificate* cert); 4966 static void xmlSecNssX509CertDebugDump (CERTCertificate* cert, 4967 FILE* output); 4968 static void xmlSecNssX509CertDebugXmlDump (CERTCertificate* cert, 4969@@ -752,31 +733,22 @@ 4970 xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, 4971 xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { 4972 xmlSecKeyDataPtr data; 4973+ xmlNodePtr cur; 4974+ xmlChar* buf; 4975 CERTCertificate* cert; 4976 CERTSignedCrl* crl; 4977 xmlSecSize size, pos; 4978- int content = 0; 4979- int ret; 4980 4981 xmlSecAssert2(id == xmlSecNssKeyDataX509Id, -1); 4982 xmlSecAssert2(key != NULL, -1); 4983 xmlSecAssert2(node != NULL, -1); 4984 xmlSecAssert2(keyInfoCtx != NULL, -1); 4985 4986- content = xmlSecX509DataGetNodeContent (node, 1, keyInfoCtx); 4987- if (content < 0) { 4988- xmlSecError(XMLSEC_ERRORS_HERE, 4989- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 4990- "xmlSecX509DataGetNodeContent", 4991- XMLSEC_ERRORS_R_XMLSEC_FAILED, 4992- "content=%d", content); 4993- return(-1); 4994- } else if(content == 0) { 4995- /* by default we are writing certificates and crls */ 4996- content = XMLSEC_X509DATA_DEFAULT; 4997+ /* todo: flag in ctx remove all existing content */ 4998+ if(0) { 4999+ xmlNodeSetContent(node, NULL); 5000 } 5001 5002- /* get x509 data */ 5003 data = xmlSecKeyGetData(key, id); 5004 if(data == NULL) { 5005 /* no x509 data in the key */ 5006@@ -796,79 +768,74 @@ 5007 return(-1); 5008 } 5009 5010- if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) { 5011- ret = xmlSecNssX509CertificateNodeWrite(cert, node, keyInfoCtx); 5012- if(ret < 0) { 5013+ /* set base64 lines size from context */ 5014+ buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize); 5015+ if(buf == NULL) { 5016 xmlSecError(XMLSEC_ERRORS_HERE, 5017 xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 5018- "xmlSecNssX509CertificateNodeWrite", 5019+ "xmlSecNssX509CertBase64DerWrite", 5020 XMLSEC_ERRORS_R_XMLSEC_FAILED, 5021- "pos=%d", pos); 5022+ XMLSEC_ERRORS_NO_MESSAGE); 5023 return(-1); 5024- } 5025 } 5026 5027- if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) { 5028- ret = xmlSecNssX509SubjectNameNodeWrite(cert, node, keyInfoCtx); 5029- if(ret < 0) { 5030+ cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs); 5031+ if(cur == NULL) { 5032 xmlSecError(XMLSEC_ERRORS_HERE, 5033 xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 5034- "xmlSecNssX509SubjectNameNodeWrite", 5035+ "xmlSecAddChild", 5036 XMLSEC_ERRORS_R_XMLSEC_FAILED, 5037- "pos=%d", pos); 5038+ "node=%s", 5039+ xmlSecErrorsSafeString(xmlSecNodeX509Certificate)); 5040+ xmlFree(buf); 5041 return(-1); 5042- } 5043 } 5044+ /* todo: add \n around base64 data - from context */ 5045+ /* todo: add errors check */ 5046+ xmlNodeSetContent(cur, xmlSecStringCR); 5047+ xmlNodeSetContent(cur, buf); 5048+ xmlFree(buf); 5049+ } 5050 5051- if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) { 5052- ret = xmlSecNssX509IssuerSerialNodeWrite(cert, node, keyInfoCtx); 5053- if(ret < 0) { 5054- xmlSecError(XMLSEC_ERRORS_HERE, 5055- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 5056- "xmlSecNssX509IssuerSerialNodeWrite", 5057- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5058- "pos=%d", pos); 5059- return(-1); 5060- } 5061+ /* write crls */ 5062+ size = xmlSecNssKeyDataX509GetCrlsSize(data); 5063+ for(pos = 0; pos < size; ++pos) { 5064+ crl = xmlSecNssKeyDataX509GetCrl(data, pos); 5065+ if(crl == NULL) { 5066+ xmlSecError(XMLSEC_ERRORS_HERE, 5067+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 5068+ "xmlSecNssKeyDataX509GetCrl", 5069+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 5070+ "pos=%d", pos); 5071+ return(-1); 5072 } 5073 5074- if((content & XMLSEC_X509DATA_SKI_NODE) != 0) { 5075- ret = xmlSecNssX509SKINodeWrite(cert, node, keyInfoCtx); 5076- if(ret < 0) { 5077- xmlSecError(XMLSEC_ERRORS_HERE, 5078- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 5079- "xmlSecNssX509SKINodeWrite", 5080- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5081- "pos=%d", pos); 5082- return(-1); 5083- } 5084+ /* set base64 lines size from context */ 5085+ buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize); 5086+ if(buf == NULL) { 5087+ xmlSecError(XMLSEC_ERRORS_HERE, 5088+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 5089+ "xmlSecNssX509CrlBase64DerWrite", 5090+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 5091+ XMLSEC_ERRORS_NO_MESSAGE); 5092+ return(-1); 5093 } 5094- } 5095 5096- /* write crls if needed */ 5097- if((content & XMLSEC_X509DATA_CRL_NODE) != 0) { 5098- size = xmlSecNssKeyDataX509GetCrlsSize(data); 5099- for(pos = 0; pos < size; ++pos) { 5100- crl = xmlSecNssKeyDataX509GetCrl(data, pos); 5101- if(crl == NULL) { 5102- xmlSecError(XMLSEC_ERRORS_HERE, 5103- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 5104- "xmlSecNssKeyDataX509GetCrl", 5105- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5106- "pos=%d", pos); 5107- return(-1); 5108- } 5109- 5110- ret = xmlSecNssX509CRLNodeWrite(crl, node, keyInfoCtx); 5111- if(ret < 0) { 5112- xmlSecError(XMLSEC_ERRORS_HERE, 5113- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 5114- "xmlSecNssX509CRLNodeWrite", 5115- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5116- "pos=%d", pos); 5117- return(-1); 5118- } 5119- } 5120+ cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs); 5121+ if(cur == NULL) { 5122+ xmlSecError(XMLSEC_ERRORS_HERE, 5123+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), 5124+ "xmlSecAddChild", 5125+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 5126+ "new_node=%s", 5127+ xmlSecErrorsSafeString(xmlSecNodeX509CRL)); 5128+ xmlFree(buf); 5129+ return(-1); 5130+ } 5131+ /* todo: add \n around base64 data - from context */ 5132+ /* todo: add errors check */ 5133+ xmlNodeSetContent(cur, xmlSecStringCR); 5134+ xmlNodeSetContent(cur, buf); 5135 } 5136 5137 return(0); 5138@@ -1057,46 +1024,6 @@ 5139 return(0); 5140 } 5141 5142-static int 5143-xmlSecNssX509CertificateNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { 5144- xmlChar* buf; 5145- xmlNodePtr cur; 5146- 5147- xmlSecAssert2(cert != NULL, -1); 5148- xmlSecAssert2(node != NULL, -1); 5149- xmlSecAssert2(keyInfoCtx != NULL, -1); 5150- 5151- /* set base64 lines size from context */ 5152- buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize); 5153- if(buf == NULL) { 5154- xmlSecError(XMLSEC_ERRORS_HERE, 5155- NULL, 5156- "xmlSecNssX509CertBase64DerWrite", 5157- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5158- XMLSEC_ERRORS_NO_MESSAGE); 5159- return(-1); 5160- } 5161- 5162- cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs); 5163- if(cur == NULL) { 5164- xmlSecError(XMLSEC_ERRORS_HERE, 5165- NULL, 5166- "xmlSecAddChild", 5167- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5168- "node=%s", 5169- xmlSecErrorsSafeString(xmlSecNodeX509Certificate)); 5170- xmlFree(buf); 5171- return(-1); 5172- } 5173- 5174- /* todo: add \n around base64 data - from context */ 5175- /* todo: add errors check */ 5176- xmlNodeSetContent(cur, xmlSecStringCR); 5177- xmlNodeSetContent(cur, buf); 5178- xmlFree(buf); 5179- return(0); 5180-} 5181- 5182 static int 5183 xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { 5184 xmlSecKeyDataStorePtr x509Store; 5185@@ -1120,19 +1047,13 @@ 5186 } 5187 5188 subject = xmlNodeGetContent(node); 5189- if((subject == NULL) || (xmlSecIsEmptyString(subject) == 1)) { 5190- if(subject != NULL) { 5191- xmlFree(subject); 5192- } 5193- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { 5194+ if(subject == NULL) { 5195 xmlSecError(XMLSEC_ERRORS_HERE, 5196 xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), 5197 xmlSecErrorsSafeString(xmlSecNodeGetName(node)), 5198 XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, 5199 XMLSEC_ERRORS_NO_MESSAGE); 5200 return(-1); 5201- } 5202- return(0); 5203 } 5204 5205 cert = xmlSecNssX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx); 5206@@ -1169,40 +1090,6 @@ 5207 return(0); 5208 } 5209 5210-static int 5211-xmlSecNssX509SubjectNameNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { 5212- xmlChar* buf = NULL; 5213- xmlNodePtr cur = NULL; 5214- 5215- xmlSecAssert2(cert != NULL, -1); 5216- xmlSecAssert2(node != NULL, -1); 5217- 5218- buf = xmlSecNssX509NameWrite(&(cert->subject)); 5219- if(buf == NULL) { 5220- xmlSecError(XMLSEC_ERRORS_HERE, 5221- NULL, 5222- "xmlSecNssX509NameWrite(&(cert->subject))", 5223- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5224- XMLSEC_ERRORS_NO_MESSAGE); 5225- return(-1); 5226- } 5227- 5228- cur = xmlSecAddChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs); 5229- if(cur == NULL) { 5230- xmlSecError(XMLSEC_ERRORS_HERE, 5231- NULL, 5232- "xmlSecAddChild", 5233- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5234- "node=%s", 5235- xmlSecErrorsSafeString(xmlSecNodeX509SubjectName)); 5236- xmlFree(buf); 5237- return(-1); 5238- } 5239- xmlSecNodeEncodeAndSetContent(cur, buf); 5240- xmlFree(buf); 5241- return(0); 5242-} 5243- 5244 static int 5245 xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { 5246 xmlSecKeyDataStorePtr x509Store; 5247@@ -1228,21 +1115,9 @@ 5248 } 5249 5250 cur = xmlSecGetNextElementNode(node->children); 5251- if(cur == NULL) { 5252- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { 5253- xmlSecError(XMLSEC_ERRORS_HERE, 5254- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), 5255- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), 5256- XMLSEC_ERRORS_R_NODE_NOT_FOUND, 5257- "node=%s", 5258- xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); 5259- return(-1); 5260- } 5261- return(0); 5262- } 5263 5264 /* the first is required node X509IssuerName */ 5265- if(!xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) { 5266+ if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) { 5267 xmlSecError(XMLSEC_ERRORS_HERE, 5268 xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), 5269 xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), 5270@@ -1336,78 +1211,6 @@ 5271 return(0); 5272 } 5273 5274-static int 5275-xmlSecNssX509IssuerSerialNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { 5276- xmlNodePtr cur; 5277- xmlNodePtr issuerNameNode; 5278- xmlNodePtr issuerNumberNode; 5279- xmlChar* buf; 5280- 5281- xmlSecAssert2(cert != NULL, -1); 5282- xmlSecAssert2(node != NULL, -1); 5283- 5284- /* create xml nodes */ 5285- cur = xmlSecAddChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs); 5286- if(cur == NULL) { 5287- xmlSecError(XMLSEC_ERRORS_HERE, 5288- NULL, 5289- "xmlSecAddChild", 5290- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5291- "node=%s", 5292- xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial)); 5293- return(-1); 5294- } 5295- 5296- issuerNameNode = xmlSecAddChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs); 5297- if(issuerNameNode == NULL) { 5298- xmlSecError(XMLSEC_ERRORS_HERE, 5299- NULL, 5300- "xmlSecAddChild", 5301- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5302- "node=%s", 5303- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName)); 5304- return(-1); 5305- } 5306- 5307- issuerNumberNode = xmlSecAddChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs); 5308- if(issuerNumberNode == NULL) { 5309- xmlSecError(XMLSEC_ERRORS_HERE, 5310- NULL, 5311- "xmlSecAddChild", 5312- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5313- "node=%s", 5314- xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber)); 5315- return(-1); 5316- } 5317- 5318- /* write data */ 5319- buf = xmlSecNssX509NameWrite(&(cert->issuer)); 5320- if(buf == NULL) { 5321- xmlSecError(XMLSEC_ERRORS_HERE, 5322- NULL, 5323- "xmlSecNssX509NameWrite(&(cert->issuer))", 5324- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5325- XMLSEC_ERRORS_NO_MESSAGE); 5326- return(-1); 5327- } 5328- xmlSecNodeEncodeAndSetContent(issuerNameNode, buf); 5329- xmlFree(buf); 5330- 5331- buf = xmlSecNssASN1IntegerWrite(&(cert->serialNumber)); 5332- if(buf == NULL) { 5333- xmlSecError(XMLSEC_ERRORS_HERE, 5334- NULL, 5335- "xmlSecNssASN1IntegerWrite(&(cert->serialNumber))", 5336- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5337- XMLSEC_ERRORS_NO_MESSAGE); 5338- return(-1); 5339- } 5340- xmlNodeSetContent(issuerNumberNode, buf); 5341- xmlFree(buf); 5342- 5343- return(0); 5344-} 5345- 5346 static int 5347 xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { 5348 xmlSecKeyDataStorePtr x509Store; 5349@@ -1431,11 +1234,7 @@ 5350 } 5351 5352 ski = xmlNodeGetContent(node); 5353- if((ski == NULL) || (xmlSecIsEmptyString(ski) == 1)) { 5354- if(ski != NULL) { 5355- xmlFree(ski); 5356- } 5357- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { 5358+ if(ski == NULL) { 5359 xmlSecError(XMLSEC_ERRORS_HERE, 5360 xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), 5361 xmlSecErrorsSafeString(xmlSecNodeGetName(node)), 5362@@ -1443,8 +1242,6 @@ 5363 "node=%s", 5364 xmlSecErrorsSafeString(xmlSecNodeX509SKI)); 5365 return(-1); 5366- } 5367- return(0); 5368 } 5369 5370 cert = xmlSecNssX509StoreFindCert(x509Store, NULL, NULL, NULL, ski, keyInfoCtx); 5371@@ -1479,41 +1276,6 @@ 5372 return(0); 5373 } 5374 5375-static int 5376-xmlSecNssX509SKINodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { 5377- xmlChar *buf = NULL; 5378- xmlNodePtr cur = NULL; 5379- 5380- xmlSecAssert2(cert != NULL, -1); 5381- xmlSecAssert2(node != NULL, -1); 5382- 5383- buf = xmlSecNssX509SKIWrite(cert); 5384- if(buf == NULL) { 5385- xmlSecError(XMLSEC_ERRORS_HERE, 5386- NULL, 5387- "xmlSecNssX509SKIWrite", 5388- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5389- XMLSEC_ERRORS_NO_MESSAGE); 5390- return(-1); 5391- } 5392- 5393- cur = xmlSecAddChild(node, xmlSecNodeX509SKI, xmlSecDSigNs); 5394- if(cur == NULL) { 5395- xmlSecError(XMLSEC_ERRORS_HERE, 5396- NULL, 5397- "xmlSecAddChild", 5398- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5399- "new_node=%s", 5400- xmlSecErrorsSafeString(xmlSecNodeX509SKI)); 5401- xmlFree(buf); 5402- return(-1); 5403- } 5404- xmlSecNodeEncodeAndSetContent(cur, buf); 5405- xmlFree(buf); 5406- 5407- return(0); 5408-} 5409- 5410 static int 5411 xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { 5412 xmlChar *content; 5413@@ -1524,19 +1286,13 @@ 5414 xmlSecAssert2(keyInfoCtx != NULL, -1); 5415 5416 content = xmlNodeGetContent(node); 5417- if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) { 5418- if(content != NULL) { 5419- xmlFree(content); 5420- } 5421- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { 5422+ if(content == NULL){ 5423 xmlSecError(XMLSEC_ERRORS_HERE, 5424 xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), 5425 xmlSecErrorsSafeString(xmlSecNodeGetName(node)), 5426 XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, 5427 XMLSEC_ERRORS_NO_MESSAGE); 5428 return(-1); 5429- } 5430- return(0); 5431 } 5432 5433 crl = xmlSecNssX509CrlBase64DerRead(content, keyInfoCtx); 5434@@ -1556,47 +1312,6 @@ 5435 } 5436 5437 static int 5438-xmlSecNssX509CRLNodeWrite(CERTSignedCrl* crl, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { 5439- xmlChar* buf = NULL; 5440- xmlNodePtr cur = NULL; 5441- 5442- xmlSecAssert2(crl != NULL, -1); 5443- xmlSecAssert2(node != NULL, -1); 5444- xmlSecAssert2(keyInfoCtx != NULL, -1); 5445- 5446- /* set base64 lines size from context */ 5447- buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize); 5448- if(buf == NULL) { 5449- xmlSecError(XMLSEC_ERRORS_HERE, 5450- NULL, 5451- "xmlSecNssX509CrlBase64DerWrite", 5452- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5453- XMLSEC_ERRORS_NO_MESSAGE); 5454- return(-1); 5455- } 5456- 5457- cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs); 5458- if(cur == NULL) { 5459- xmlSecError(XMLSEC_ERRORS_HERE, 5460- NULL, 5461- "xmlSecAddChild", 5462- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5463- "new_node=%s", 5464- xmlSecErrorsSafeString(xmlSecNodeX509CRL)); 5465- xmlFree(buf); 5466- return(-1); 5467- } 5468- /* todo: add \n around base64 data - from context */ 5469- /* todo: add errors check */ 5470- xmlNodeSetContent(cur, xmlSecStringCR); 5471- xmlNodeSetContent(cur, buf); 5472- xmlFree(buf); 5473- 5474- return(0); 5475-} 5476- 5477- 5478-static int 5479 xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key, 5480 xmlSecKeyInfoCtxPtr keyInfoCtx) { 5481 xmlSecNssX509DataCtxPtr ctx; 5482@@ -1604,6 +1319,10 @@ 5483 int ret; 5484 SECStatus status; 5485 PRTime notBefore, notAfter; 5486+ 5487+ PK11SlotInfo* slot ; 5488+ SECKEYPublicKey *pubKey = NULL; 5489+ SECKEYPrivateKey *priKey = NULL; 5490 5491 xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), -1); 5492 xmlSecAssert2(key != NULL, -1); 5493@@ -1636,10 +1355,14 @@ 5494 xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), 5495 "CERT_DupCertificate", 5496 XMLSEC_ERRORS_R_CRYPTO_FAILED, 5497- XMLSEC_ERRORS_NO_MESSAGE); 5498+ "error code=%d", PORT_GetError()); 5499 return(-1); 5500 } 5501- 5502+ 5503+ /*- 5504+ * Get Public key from cert, which does not always work for sign 5505+ * action. 5506+ * 5507 keyValue = xmlSecNssX509CertGetKey(ctx->keyCert); 5508 if(keyValue == NULL) { 5509 xmlSecError(XMLSEC_ERRORS_HERE, 5510@@ -1649,6 +1372,54 @@ 5511 XMLSEC_ERRORS_NO_MESSAGE); 5512 return(-1); 5513 } 5514+ */ 5515+ /*- 5516+ * I'll search key according to KeyReq. 5517+ */ 5518+ slot = cert->slot ; 5519+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) { 5520+ if( ( priKey = PK11_FindPrivateKeyFromCert( slot , cert , NULL ) ) == NULL ) { 5521+ xmlSecError( XMLSEC_ERRORS_HERE , 5522+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , 5523+ "PK11_FindPrivateKeyFromCert" , 5524+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 5525+ XMLSEC_ERRORS_NO_MESSAGE ) ; 5526+ return -1 ; 5527+ } 5528+ } 5529+ 5530+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) { 5531+ if( ( pubKey = CERT_ExtractPublicKey( cert ) ) == NULL ) { 5532+ xmlSecError( XMLSEC_ERRORS_HERE , 5533+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , 5534+ "CERT_ExtractPublicKey" , 5535+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 5536+ XMLSEC_ERRORS_NO_MESSAGE ) ; 5537+ 5538+ 5539+ if( priKey != NULL ) 5540+ SECKEY_DestroyPrivateKey( priKey ) ; 5541+ return -1 ; 5542+ } 5543+ } 5544+ 5545+ keyValue = xmlSecNssPKIAdoptKey(priKey, pubKey); 5546+ if( keyValue == NULL ) { 5547+ xmlSecError( XMLSEC_ERRORS_HERE , 5548+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , 5549+ "xmlSecNssPKIAdoptKey" , 5550+ XMLSEC_ERRORS_R_CRYPTO_FAILED , 5551+ XMLSEC_ERRORS_NO_MESSAGE ) ; 5552+ 5553+ if( priKey != NULL ) 5554+ SECKEY_DestroyPrivateKey( priKey ) ; 5555+ 5556+ if( pubKey != NULL ) 5557+ SECKEY_DestroyPublicKey( pubKey ) ; 5558+ 5559+ return -1 ; 5560+ } 5561+ /* Modify keyValue get Done */ 5562 5563 /* verify that the key matches our expectations */ 5564 if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) { 5565@@ -1950,86 +1721,6 @@ 5566 return(res); 5567 } 5568 5569-static xmlChar* 5570-xmlSecNssX509NameWrite(CERTName* nm) { 5571- xmlChar *res = NULL; 5572- char *str; 5573- 5574- xmlSecAssert2(nm != NULL, NULL); 5575- 5576- str = CERT_NameToAscii(nm); 5577- if (str == NULL) { 5578- xmlSecError(XMLSEC_ERRORS_HERE, 5579- NULL, 5580- "CERT_NameToAscii", 5581- XMLSEC_ERRORS_R_CRYPTO_FAILED, 5582- XMLSEC_ERRORS_NO_MESSAGE); 5583- return(NULL); 5584- } 5585- 5586- res = xmlStrdup(BAD_CAST str); 5587- if(res == NULL) { 5588- xmlSecError(XMLSEC_ERRORS_HERE, 5589- NULL, 5590- "xmlStrdup", 5591- XMLSEC_ERRORS_R_MALLOC_FAILED, 5592- XMLSEC_ERRORS_NO_MESSAGE); 5593- PORT_Free(str); 5594- return(NULL); 5595- } 5596- PORT_Free(str); 5597- return(res); 5598-} 5599- 5600-static xmlChar* 5601-xmlSecNssASN1IntegerWrite(SECItem *num) { 5602- xmlChar *res = NULL; 5603- 5604- xmlSecAssert2(num != NULL, NULL); 5605- 5606- /* TODO : to be implemented after 5607- * NSS bug http://bugzilla.mozilla.org/show_bug.cgi?id=212864 is fixed 5608- */ 5609- return(res); 5610-} 5611- 5612-static xmlChar* 5613-xmlSecNssX509SKIWrite(CERTCertificate* cert) { 5614- xmlChar *res = NULL; 5615- SECItem ski; 5616- SECStatus rv; 5617- 5618- xmlSecAssert2(cert != NULL, NULL); 5619- 5620- memset(&ski, 0, sizeof(ski)); 5621- 5622- rv = CERT_FindSubjectKeyIDExtension(cert, &ski); 5623- if (rv != SECSuccess) { 5624- xmlSecError(XMLSEC_ERRORS_HERE, 5625- NULL, 5626- "CERT_FindSubjectKeyIDExtension", 5627- XMLSEC_ERRORS_R_CRYPTO_FAILED, 5628- XMLSEC_ERRORS_NO_MESSAGE); 5629- SECITEM_FreeItem(&ski, PR_FALSE); 5630- return(NULL); 5631- } 5632- 5633- res = xmlSecBase64Encode(ski.data, ski.len, 0); 5634- if(res == NULL) { 5635- xmlSecError(XMLSEC_ERRORS_HERE, 5636- NULL, 5637- "xmlSecBase64Encode", 5638- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5639- XMLSEC_ERRORS_NO_MESSAGE); 5640- SECITEM_FreeItem(&ski, PR_FALSE); 5641- return(NULL); 5642- } 5643- SECITEM_FreeItem(&ski, PR_FALSE); 5644- 5645- return(res); 5646-} 5647- 5648- 5649 static void 5650 xmlSecNssX509CertDebugDump(CERTCertificate* cert, FILE* output) { 5651 SECItem *sn; 5652--- misc/xmlsec1-1.2.14/src/nss/x509vfy.c 2009-06-25 22:53:18.000000000 +0200 5653+++ misc/build/xmlsec1-1.2.14/src/nss/x509vfy.c 2009-09-21 14:02:48.669245207 +0200 5654@@ -30,6 +30,7 @@ 5655 #include <xmlsec/keyinfo.h> 5656 #include <xmlsec/keysmngr.h> 5657 #include <xmlsec/base64.h> 5658+#include <xmlsec/bn.h> 5659 #include <xmlsec/errors.h> 5660 5661 #include <xmlsec/nss/crypto.h> 5662@@ -61,17 +62,7 @@ 5663 5664 static int xmlSecNssX509StoreInitialize (xmlSecKeyDataStorePtr store); 5665 static void xmlSecNssX509StoreFinalize (xmlSecKeyDataStorePtr store); 5666-static int xmlSecNssX509NameStringRead (xmlSecByte **str, 5667- int *strLen, 5668- xmlSecByte *res, 5669- int resLen, 5670- xmlSecByte delim, 5671- int ingoreTrailingSpaces); 5672-static xmlSecByte * xmlSecNssX509NameRead (xmlSecByte *str, 5673- int len); 5674- 5675-static void xmlSecNssNumToItem(SECItem *it, unsigned long num); 5676- 5677+static int xmlSecNssIntegerToItem( const xmlChar* integer , SECItem *it ) ; 5678 5679 static xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = { 5680 sizeof(xmlSecKeyDataStoreKlass), 5681@@ -339,40 +330,28 @@ 5682 xmlSecNssX509FindCert(xmlChar *subjectName, xmlChar *issuerName, 5683 xmlChar *issuerSerial, xmlChar *ski) { 5684 CERTCertificate *cert = NULL; 5685- xmlChar *p = NULL; 5686 CERTName *name = NULL; 5687 SECItem *nameitem = NULL; 5688 PRArenaPool *arena = NULL; 5689 5690 if (subjectName != NULL) { 5691- p = xmlSecNssX509NameRead(subjectName, xmlStrlen(subjectName)); 5692- if (p == NULL) { 5693- xmlSecError(XMLSEC_ERRORS_HERE, 5694- NULL, 5695- "xmlSecNssX509NameRead", 5696- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5697- "subject=%s", 5698- xmlSecErrorsSafeString(subjectName)); 5699- goto done; 5700- } 5701- 5702 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); 5703 if (arena == NULL) { 5704 xmlSecError(XMLSEC_ERRORS_HERE, 5705 NULL, 5706 "PORT_NewArena", 5707 XMLSEC_ERRORS_R_CRYPTO_FAILED, 5708- XMLSEC_ERRORS_NO_MESSAGE); 5709+ "error code=%d", PORT_GetError()); 5710 goto done; 5711 } 5712 5713- name = CERT_AsciiToName((char*)p); 5714+ name = CERT_AsciiToName((char*)subjectName); 5715 if (name == NULL) { 5716 xmlSecError(XMLSEC_ERRORS_HERE, 5717 NULL, 5718 "CERT_AsciiToName", 5719 XMLSEC_ERRORS_R_XMLSEC_FAILED, 5720- XMLSEC_ERRORS_NO_MESSAGE); 5721+ "error code=%d", PORT_GetError()); 5722 goto done; 5723 } 5724 5725@@ -394,34 +373,23 @@ 5726 if((issuerName != NULL) && (issuerSerial != NULL)) { 5727 CERTIssuerAndSN issuerAndSN; 5728 5729- p = xmlSecNssX509NameRead(issuerName, xmlStrlen(issuerName)); 5730- if (p == NULL) { 5731- xmlSecError(XMLSEC_ERRORS_HERE, 5732- NULL, 5733- "xmlSecNssX509NameRead", 5734- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5735- "issuer=%s", 5736- xmlSecErrorsSafeString(issuerName)); 5737- goto done; 5738- } 5739- 5740 arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); 5741 if (arena == NULL) { 5742 xmlSecError(XMLSEC_ERRORS_HERE, 5743 NULL, 5744 "PORT_NewArena", 5745 XMLSEC_ERRORS_R_CRYPTO_FAILED, 5746- XMLSEC_ERRORS_NO_MESSAGE); 5747+ "error code=%d", PORT_GetError()); 5748 goto done; 5749 } 5750 5751- name = CERT_AsciiToName((char*)p); 5752+ name = CERT_AsciiToName((char*)issuerName); 5753 if (name == NULL) { 5754 xmlSecError(XMLSEC_ERRORS_HERE, 5755 NULL, 5756 "CERT_AsciiToName", 5757 XMLSEC_ERRORS_R_XMLSEC_FAILED, 5758- XMLSEC_ERRORS_NO_MESSAGE); 5759+ "error code=%d", PORT_GetError()); 5760 goto done; 5761 } 5762 5763@@ -441,8 +409,15 @@ 5764 issuerAndSN.derIssuer.data = nameitem->data; 5765 issuerAndSN.derIssuer.len = nameitem->len; 5766 5767- /* TBD: serial num can be arbitrarily long */ 5768- xmlSecNssNumToItem(&issuerAndSN.serialNumber, PORT_Atoi((char *)issuerSerial)); 5769+ if( xmlSecNssIntegerToItem( issuerSerial, &issuerAndSN.serialNumber ) < 0 ) { 5770+ xmlSecError(XMLSEC_ERRORS_HERE, 5771+ NULL, 5772+ "xmlSecNssIntegerToItem", 5773+ XMLSEC_ERRORS_R_XMLSEC_FAILED, 5774+ "serial number=%s", 5775+ xmlSecErrorsSafeString(issuerSerial)); 5776+ goto done; 5777+ } 5778 5779 cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(), 5780 &issuerAndSN); 5781@@ -473,9 +448,6 @@ 5782 } 5783 5784 done: 5785- if (p != NULL) { 5786- PORT_Free(p); 5787- } 5788 if (arena != NULL) { 5789 PORT_FreeArena(arena, PR_FALSE); 5790 } 5791@@ -486,176 +458,6 @@ 5792 return(cert); 5793 } 5794 5795-static xmlSecByte * 5796-xmlSecNssX509NameRead(xmlSecByte *str, int len) { 5797- xmlSecByte name[256]; 5798- xmlSecByte value[256]; 5799- xmlSecByte *retval = NULL; 5800- xmlSecByte *p = NULL; 5801- int nameLen, valueLen; 5802- 5803- xmlSecAssert2(str != NULL, NULL); 5804- 5805- /* return string should be no longer than input string */ 5806- retval = (xmlSecByte *)PORT_Alloc(len+1); 5807- if(retval == NULL) { 5808- xmlSecError(XMLSEC_ERRORS_HERE, 5809- NULL, 5810- "PORT_Alloc", 5811- XMLSEC_ERRORS_R_MALLOC_FAILED, 5812- XMLSEC_ERRORS_NO_MESSAGE); 5813- return(NULL); 5814- } 5815- p = retval; 5816- 5817- while(len > 0) { 5818- /* skip spaces after comma or semicolon */ 5819- while((len > 0) && isspace(*str)) { 5820- ++str; --len; 5821- } 5822- 5823- nameLen = xmlSecNssX509NameStringRead(&str, &len, name, sizeof(name), '=', 0); 5824- if(nameLen < 0) { 5825- xmlSecError(XMLSEC_ERRORS_HERE, 5826- NULL, 5827- "xmlSecNssX509NameStringRead", 5828- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5829- XMLSEC_ERRORS_NO_MESSAGE); 5830- goto done; 5831- } 5832- memcpy(p, name, nameLen); 5833- p+=nameLen; 5834- *p++='='; 5835- if(len > 0) { 5836- ++str; --len; 5837- if((*str) == '\"') { 5838- valueLen = xmlSecNssX509NameStringRead(&str, &len, 5839- value, sizeof(value), '"', 1); 5840- if(valueLen < 0) { 5841- xmlSecError(XMLSEC_ERRORS_HERE, 5842- NULL, 5843- "xmlSecNssX509NameStringRead", 5844- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5845- XMLSEC_ERRORS_NO_MESSAGE); 5846- goto done; 5847- } 5848- /* skip spaces before comma or semicolon */ 5849- while((len > 0) && isspace(*str)) { 5850- ++str; --len; 5851- } 5852- if((len > 0) && ((*str) != ',')) { 5853- xmlSecError(XMLSEC_ERRORS_HERE, 5854- NULL, 5855- NULL, 5856- XMLSEC_ERRORS_R_INVALID_DATA, 5857- "comma is expected"); 5858- goto done; 5859- } 5860- if(len > 0) { 5861- ++str; --len; 5862- } 5863- *p++='\"'; 5864- memcpy(p, value, valueLen); 5865- p+=valueLen; 5866- *p++='\"'; 5867- } else if((*str) == '#') { 5868- /* TODO: read octect values */ 5869- xmlSecError(XMLSEC_ERRORS_HERE, 5870- NULL, 5871- NULL, 5872- XMLSEC_ERRORS_R_INVALID_DATA, 5873- "reading octect values is not implemented yet"); 5874- goto done; 5875- } else { 5876- valueLen = xmlSecNssX509NameStringRead(&str, &len, 5877- value, sizeof(value), ',', 1); 5878- if(valueLen < 0) { 5879- xmlSecError(XMLSEC_ERRORS_HERE, 5880- NULL, 5881- "xmlSecNssX509NameStringRead", 5882- XMLSEC_ERRORS_R_XMLSEC_FAILED, 5883- XMLSEC_ERRORS_NO_MESSAGE); 5884- goto done; 5885- } 5886- memcpy(p, value, valueLen); 5887- p+=valueLen; 5888- if (len > 0) 5889- *p++=','; 5890- } 5891- } else { 5892- valueLen = 0; 5893- } 5894- if(len > 0) { 5895- ++str; --len; 5896- } 5897- } 5898- 5899- *p = 0; 5900- return(retval); 5901- 5902-done: 5903- PORT_Free(retval); 5904- return (NULL); 5905-} 5906- 5907-static int 5908-xmlSecNssX509NameStringRead(xmlSecByte **str, int *strLen, 5909- xmlSecByte *res, int resLen, 5910- xmlSecByte delim, int ingoreTrailingSpaces) { 5911- xmlSecByte *p, *q, *nonSpace; 5912- 5913- xmlSecAssert2(str != NULL, -1); 5914- xmlSecAssert2(strLen != NULL, -1); 5915- xmlSecAssert2(res != NULL, -1); 5916- 5917- p = (*str); 5918- nonSpace = q = res; 5919- while(((p - (*str)) < (*strLen)) && ((*p) != delim) && ((q - res) < resLen)) { 5920- if((*p) != '\\') { 5921- if(ingoreTrailingSpaces && !isspace(*p)) { 5922- nonSpace = q; 5923- } 5924- *(q++) = *(p++); 5925- } else { 5926- ++p; 5927- nonSpace = q; 5928- if(xmlSecIsHex((*p))) { 5929- if((p - (*str) + 1) >= (*strLen)) { 5930- xmlSecError(XMLSEC_ERRORS_HERE, 5931- NULL, 5932- NULL, 5933- XMLSEC_ERRORS_R_INVALID_DATA, 5934- "two hex digits expected"); 5935- return(-1); 5936- } 5937- *(q++) = xmlSecGetHex(p[0]) * 16 + xmlSecGetHex(p[1]); 5938- p += 2; 5939- } else { 5940- if(((++p) - (*str)) >= (*strLen)) { 5941- xmlSecError(XMLSEC_ERRORS_HERE, 5942- NULL, 5943- NULL, 5944- XMLSEC_ERRORS_R_INVALID_DATA, 5945- "escaped symbol missed"); 5946- return(-1); 5947- } 5948- *(q++) = *(p++); 5949- } 5950- } 5951- } 5952- if(((p - (*str)) < (*strLen)) && ((*p) != delim)) { 5953- xmlSecError(XMLSEC_ERRORS_HERE, 5954- NULL, 5955- NULL, 5956- XMLSEC_ERRORS_R_INVALID_SIZE, 5957- "buffer is too small"); 5958- return(-1); 5959- } 5960- (*strLen) -= (p - (*str)); 5961- (*str) = p; 5962- return((ingoreTrailingSpaces) ? nonSpace - res + 1 : q - res); 5963-} 5964- 5965 /* code lifted from NSS */ 5966 static void 5967 xmlSecNssNumToItem(SECItem *it, unsigned long ui) 5968@@ -699,6 +501,77 @@ 5969 it->len = len; 5970 PORT_Memcpy(it->data, bb + (sizeof(bb) - len), len); 5971 } 5972+ 5973+static int 5974+xmlSecNssIntegerToItem( 5975+ const xmlChar* integer , 5976+ SECItem *item 5977+) { 5978+ xmlSecBn bn ; 5979+ xmlSecSize i, length ; 5980+ const xmlSecByte* bnInteger ; 5981+ 5982+ xmlSecAssert2( integer != NULL, -1 ) ; 5983+ xmlSecAssert2( item != NULL, -1 ) ; 5984+ 5985+ if( xmlSecBnInitialize( &bn, 0 ) < 0 ) { 5986+ xmlSecError(XMLSEC_ERRORS_HERE, 5987+ NULL, 5988+ "xmlSecBnInitialize", 5989+ XMLSEC_ERRORS_R_INVALID_DATA, 5990+ XMLSEC_ERRORS_NO_MESSAGE); 5991+ return -1 ; 5992+ } 5993+ 5994+ if( xmlSecBnFromDecString( &bn, integer ) < 0 ) { 5995+ xmlSecError(XMLSEC_ERRORS_HERE, 5996+ NULL, 5997+ "xmlSecBnFromDecString", 5998+ XMLSEC_ERRORS_R_INVALID_DATA, 5999+ XMLSEC_ERRORS_NO_MESSAGE); 6000+ xmlSecBnFinalize( &bn ) ; 6001+ return -1 ; 6002+ } 6003+ 6004+ length = xmlSecBnGetSize( &bn ) ; 6005+ if( length <= 0 ) { 6006+ xmlSecError(XMLSEC_ERRORS_HERE, 6007+ NULL, 6008+ "xmlSecBnGetSize", 6009+ XMLSEC_ERRORS_R_INVALID_DATA, 6010+ XMLSEC_ERRORS_NO_MESSAGE); 6011+ } 6012+ 6013+ bnInteger = xmlSecBnGetData( &bn ) ; 6014+ if( bnInteger == NULL ) { 6015+ xmlSecError(XMLSEC_ERRORS_HERE, 6016+ NULL, 6017+ "xmlSecBnGetData", 6018+ XMLSEC_ERRORS_R_INVALID_DATA, 6019+ XMLSEC_ERRORS_NO_MESSAGE ) ; 6020+ xmlSecBnFinalize( &bn ) ; 6021+ return -1 ; 6022+ } 6023+ 6024+ item->data = ( unsigned char * )PORT_Alloc( length ); 6025+ if( item->data == NULL ) { 6026+ xmlSecError(XMLSEC_ERRORS_HERE, 6027+ NULL, 6028+ "PORT_Alloc", 6029+ XMLSEC_ERRORS_R_INVALID_DATA, 6030+ XMLSEC_ERRORS_NO_MESSAGE ) ; 6031+ xmlSecBnFinalize( &bn ) ; 6032+ return -1 ; 6033+ } 6034+ 6035+ item->len = length; 6036+ for( i = 0 ; i < length ; i ++ ) 6037+ item->data[i] = *( bnInteger + i ) ; 6038+ 6039+ xmlSecBnFinalize( &bn ) ; 6040+ 6041+ return 0 ; 6042+} 6043 #endif /* XMLSEC_NO_X509 */ 6044 6045 6046--- misc/xmlsec1-1.2.14/win32/Makefile.msvc 2009-06-25 22:53:18.000000000 +0200 6047+++ misc/build/xmlsec1-1.2.14/win32/Makefile.msvc 2009-09-21 14:02:48.607277908 +0200 6048@@ -218,6 +218,9 @@ 6049 $(XMLSEC_OPENSSL_INTDIR_A)\x509vfy.obj 6050 6051 XMLSEC_NSS_OBJS = \ 6052+ $(XMLSEC_NSS_INTDIR)\akmngr.obj\ 6053+ $(XMLSEC_NSS_INTDIR)\keywrapers.obj\ 6054+ $(XMLSEC_NSS_INTDIR)\tokens.obj\ 6055 $(XMLSEC_NSS_INTDIR)\app.obj\ 6056 $(XMLSEC_NSS_INTDIR)\bignum.obj\ 6057 $(XMLSEC_NSS_INTDIR)\ciphers.obj \ 6058@@ -253,6 +256,7 @@ 6059 $(XMLSEC_NSS_INTDIR_A)\strings.obj 6060 6061 XMLSEC_MSCRYPTO_OBJS = \ 6062+ $(XMLSEC_MSCRYPTO_INTDIR)\akmngr.obj\ 6063 $(XMLSEC_MSCRYPTO_INTDIR)\app.obj\ 6064 $(XMLSEC_MSCRYPTO_INTDIR)\crypto.obj \ 6065 $(XMLSEC_MSCRYPTO_INTDIR)\ciphers.obj \ 6066