diff options
Diffstat (limited to 'libxmlsec/xmlsec1-customkeymanage.patch')
| -rw-r--r-- | libxmlsec/xmlsec1-customkeymanage.patch | 6065 |
1 files changed, 0 insertions, 6065 deletions
diff --git a/libxmlsec/xmlsec1-customkeymanage.patch b/libxmlsec/xmlsec1-customkeymanage.patch deleted file mode 100644 index 8bc97c4..0000000 --- a/libxmlsec/xmlsec1-customkeymanage.patch +++ /dev/null @@ -1,6065 +0,0 @@ ---- misc/xmlsec1-1.2.14/include/xmlsec/mscrypto/Makefile.am 2009-06-25 22:53:18.000000000 +0200 -+++ misc/build/xmlsec1-1.2.14/include/xmlsec/mscrypto/Makefile.am 2009-09-21 14:02:48.563253008 +0200 -@@ -3,6 +3,7 @@ - xmlsecmscryptoincdir = $(includedir)/xmlsec1/xmlsec/mscrypto - - xmlsecmscryptoinc_HEADERS = \ -+akmngr.h \ - app.h \ - certkeys.h \ - crypto.h \ ---- misc/xmlsec1-1.2.14/include/xmlsec/mscrypto/Makefile.in 2009-06-25 22:53:30.000000000 +0200 -+++ misc/build/xmlsec1-1.2.14/include/xmlsec/mscrypto/Makefile.in 2009-09-21 14:02:48.571021349 +0200 -@@ -281,6 +281,7 @@ - NULL = - xmlsecmscryptoincdir = $(includedir)/xmlsec1/xmlsec/mscrypto - xmlsecmscryptoinc_HEADERS = \ -+akmngr.h \ - app.h \ - certkeys.h \ - crypto.h \ ---- misc/xmlsec1-1.2.14/include/xmlsec/mscrypto/akmngr.h 2009-09-21 14:07:19.052318336 +0200 -+++ misc/build/xmlsec1-1.2.14/include/xmlsec/mscrypto/akmngr.h 2009-09-21 14:02:48.504966762 +0200 -@@ -1 +1,71 @@ --dummy -+/** -+ * XMLSec library -+ * -+ * This is free software; see Copyright file in the source -+ * distribution for preciese wording. -+ * -+ * Copyright .......................... -+ */ -+#ifndef __XMLSEC_MSCRYPTO_AKMNGR_H__ -+#define __XMLSEC_MSCRYPTO_AKMNGR_H__ -+ -+#include <windows.h> -+#include <wincrypt.h> -+ -+#include <xmlsec/xmlsec.h> -+#include <xmlsec/keys.h> -+#include <xmlsec/transforms.h> -+ -+#ifdef __cplusplus -+extern "C" { -+#endif /* __cplusplus */ -+ -+XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr -+xmlSecMSCryptoAppliedKeysMngrCreate( -+ HCERTSTORE keyStore , -+ HCERTSTORE certStore -+) ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecMSCryptoAppliedKeysMngrSymKeyLoad( -+ xmlSecKeysMngrPtr mngr , -+ HCRYPTKEY symKey -+) ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecMSCryptoAppliedKeysMngrPubKeyLoad( -+ xmlSecKeysMngrPtr mngr , -+ HCRYPTKEY pubKey -+) ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecMSCryptoAppliedKeysMngrPriKeyLoad( -+ xmlSecKeysMngrPtr mngr , -+ HCRYPTKEY priKey -+) ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore ( -+ xmlSecKeysMngrPtr mngr , -+ HCERTSTORE keyStore -+) ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore ( -+ xmlSecKeysMngrPtr mngr , -+ HCERTSTORE trustedStore -+) ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore ( -+ xmlSecKeysMngrPtr mngr , -+ HCERTSTORE untrustedStore -+) ; -+ -+#ifdef __cplusplus -+} -+#endif /* __cplusplus */ -+ -+#endif /* __XMLSEC_MSCRYPTO_AKMNGR_H__ */ -+ -+ ---- misc/xmlsec1-1.2.14/include/xmlsec/nss/Makefile.am 2009-06-25 22:53:18.000000000 +0200 -+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/Makefile.am 2009-09-21 14:02:48.577933031 +0200 -@@ -10,6 +10,9 @@ - keysstore.h \ - pkikeys.h \ - x509.h \ -+akmngr.h \ -+tokens.h \ -+ciphers.h \ - $(NULL) - - install-exec-hook: ---- misc/xmlsec1-1.2.14/include/xmlsec/nss/Makefile.in 2009-06-25 22:53:31.000000000 +0200 -+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/Makefile.in 2009-09-21 14:02:48.585376325 +0200 -@@ -288,6 +288,9 @@ - keysstore.h \ - pkikeys.h \ - x509.h \ -+akmngr.h \ -+tokens.h \ -+ciphers.h \ - $(NULL) - - all: all-am ---- misc/xmlsec1-1.2.14/include/xmlsec/nss/akmngr.h 2009-09-21 14:07:19.105517659 +0200 -+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/akmngr.h 2009-09-21 14:02:48.510978278 +0200 -@@ -1 +1,56 @@ --dummy -+/** -+ * XMLSec library -+ * -+ * This is free software; see Copyright file in the source -+ * distribution for preciese wording. -+ * -+ * Copyright .......................... -+ */ -+#ifndef __XMLSEC_NSS_AKMNGR_H__ -+#define __XMLSEC_NSS_AKMNGR_H__ -+ -+#include <nss.h> -+#include <nspr.h> -+#include <pk11func.h> -+#include <cert.h> -+ -+#include <xmlsec/xmlsec.h> -+#include <xmlsec/keys.h> -+#include <xmlsec/transforms.h> -+ -+#ifdef __cplusplus -+extern "C" { -+#endif /* __cplusplus */ -+ -+XMLSEC_CRYPTO_EXPORT xmlSecKeysMngrPtr -+xmlSecNssAppliedKeysMngrCreate( -+ PK11SlotInfo** slots, -+ int cSlots, -+ CERTCertDBHandle* handler -+) ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecNssAppliedKeysMngrSymKeyLoad( -+ xmlSecKeysMngrPtr mngr , -+ PK11SymKey* symKey -+) ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecNssAppliedKeysMngrPubKeyLoad( -+ xmlSecKeysMngrPtr mngr , -+ SECKEYPublicKey* pubKey -+) ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecNssAppliedKeysMngrPriKeyLoad( -+ xmlSecKeysMngrPtr mngr , -+ SECKEYPrivateKey* priKey -+) ; -+ -+#ifdef __cplusplus -+} -+#endif /* __cplusplus */ -+ -+#endif /* __XMLSEC_NSS_AKMNGR_H__ */ -+ -+ ---- misc/xmlsec1-1.2.14/include/xmlsec/nss/app.h 2009-06-25 22:53:18.000000000 +0200 -+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/app.h 2009-09-21 14:02:48.612847068 +0200 -@@ -22,6 +22,9 @@ - #include <xmlsec/keysmngr.h> - #include <xmlsec/transforms.h> - -+#include <xmlsec/nss/tokens.h> -+#include <xmlsec/nss/akmngr.h> -+ - /** - * Init/shutdown - */ -@@ -36,6 +39,8 @@ - xmlSecKeyPtr key); - XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrLoad (xmlSecKeysMngrPtr mngr, - const char* uri); -+XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrAdoptKeySlot(xmlSecKeysMngrPtr mngr, -+ xmlSecNssKeySlotPtr keySlot); - XMLSEC_CRYPTO_EXPORT int xmlSecNssAppDefaultKeysMngrSave (xmlSecKeysMngrPtr mngr, - const char* filename, - xmlSecKeyDataType type); ---- misc/xmlsec1-1.2.14/include/xmlsec/nss/ciphers.h 2009-09-21 14:07:19.146496548 +0200 -+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/ciphers.h 2009-09-21 14:02:48.516689712 +0200 -@@ -1 +1,35 @@ --dummy -+/** -+ * XMLSec library -+ * -+ * This is free software; see Copyright file in the source -+ * distribution for preciese wording. -+ * -+ * Copyright .......................... -+ */ -+#ifndef __XMLSEC_NSS_CIPHERS_H__ -+#define __XMLSEC_NSS_CIPHERS_H__ -+ -+#ifdef __cplusplus -+extern "C" { -+#endif /* __cplusplus */ -+ -+#include <xmlsec/xmlsec.h> -+#include <xmlsec/keys.h> -+#include <xmlsec/transforms.h> -+ -+ -+XMLSEC_CRYPTO_EXPORT int xmlSecNssSymKeyDataAdoptKey( xmlSecKeyDataPtr data, -+ PK11SymKey* symkey ) ; -+ -+XMLSEC_CRYPTO_EXPORT xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt( PK11SymKey* symKey ) ; -+ -+XMLSEC_CRYPTO_EXPORT PK11SymKey* xmlSecNssSymKeyDataGetKey(xmlSecKeyDataPtr data); -+ -+ -+#ifdef __cplusplus -+} -+#endif /* __cplusplus */ -+ -+#endif /* __XMLSEC_NSS_CIPHERS_H__ */ -+ -+ ---- misc/xmlsec1-1.2.14/include/xmlsec/nss/keysstore.h 2009-06-25 22:53:18.000000000 +0200 -+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/keysstore.h 2009-09-21 14:02:48.626261748 +0200 -@@ -16,6 +16,8 @@ - #endif /* __cplusplus */ - - #include <xmlsec/xmlsec.h> -+#include <xmlsec/keysmngr.h> -+#include <xmlsec/nss/tokens.h> - - /**************************************************************************** - * -@@ -31,6 +33,8 @@ - XMLSEC_CRYPTO_EXPORT xmlSecKeyStoreId xmlSecNssKeysStoreGetKlass (void); - XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKey (xmlSecKeyStorePtr store, - xmlSecKeyPtr key); -+XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreAdoptKeySlot(xmlSecKeyStorePtr store, -+ xmlSecNssKeySlotPtr keySlot); - XMLSEC_CRYPTO_EXPORT int xmlSecNssKeysStoreLoad (xmlSecKeyStorePtr store, - const char *uri, - xmlSecKeysMngrPtr keysMngr); ---- misc/xmlsec1-1.2.14/include/xmlsec/nss/tokens.h 2009-09-21 14:07:19.172421448 +0200 -+++ misc/build/xmlsec1-1.2.14/include/xmlsec/nss/tokens.h 2009-09-21 14:02:48.522913605 +0200 -@@ -1 +1,182 @@ --dummy -+/** -+ * XMLSec library -+ * -+ * This is free software; see Copyright file in the source -+ * distribution for preciese wording. -+ * -+ * Copyright (c) 2003 Sun Microsystems, Inc. All rights reserved. -+ * -+ * Contributor(s): _____________________________ -+ * -+ */ -+#ifndef __XMLSEC_NSS_TOKENS_H__ -+#define __XMLSEC_NSS_TOKENS_H__ -+ -+#include <string.h> -+ -+#include <nss.h> -+#include <pk11func.h> -+ -+#include <xmlsec/xmlsec.h> -+#include <xmlsec/list.h> -+ -+#ifdef __cplusplus -+extern "C" { -+#endif /* __cplusplus */ -+ -+/** -+ * xmlSecNssKeySlotListId -+ * -+ * The crypto mechanism list klass -+ */ -+#define xmlSecNssKeySlotListId xmlSecNssKeySlotListGetKlass() -+XMLSEC_CRYPTO_EXPORT xmlSecPtrListId xmlSecNssKeySlotListGetKlass( void ) ; -+ -+/******************************************* -+ * KeySlot interfaces -+ *******************************************/ -+/** -+ * Internal NSS key slot data -+ * @mechanismList: the mechanisms that the slot bound with. -+ * @slot: the pkcs slot -+ * -+ * This context is located after xmlSecPtrList -+ */ -+typedef struct _xmlSecNssKeySlot xmlSecNssKeySlot ; -+typedef struct _xmlSecNssKeySlot* xmlSecNssKeySlotPtr ; -+ -+struct _xmlSecNssKeySlot { -+ CK_MECHANISM_TYPE_PTR mechanismList ; /* mech. array, NULL ternimated */ -+ PK11SlotInfo* slot ; -+} ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecNssKeySlotSetMechList( -+ xmlSecNssKeySlotPtr keySlot , -+ CK_MECHANISM_TYPE_PTR mechanismList -+) ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecNssKeySlotEnableMech( -+ xmlSecNssKeySlotPtr keySlot , -+ CK_MECHANISM_TYPE mechanism -+) ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecNssKeySlotDisableMech( -+ xmlSecNssKeySlotPtr keySlot , -+ CK_MECHANISM_TYPE mechanism -+) ; -+ -+XMLSEC_CRYPTO_EXPORT CK_MECHANISM_TYPE_PTR -+xmlSecNssKeySlotGetMechList( -+ xmlSecNssKeySlotPtr keySlot -+) ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecNssKeySlotSetSlot( -+ xmlSecNssKeySlotPtr keySlot , -+ PK11SlotInfo* slot -+) ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecNssKeySlotInitialize( -+ xmlSecNssKeySlotPtr keySlot , -+ PK11SlotInfo* slot -+) ; -+ -+XMLSEC_CRYPTO_EXPORT void -+xmlSecNssKeySlotFinalize( -+ xmlSecNssKeySlotPtr keySlot -+) ; -+ -+XMLSEC_CRYPTO_EXPORT PK11SlotInfo* -+xmlSecNssKeySlotGetSlot( -+ xmlSecNssKeySlotPtr keySlot -+) ; -+ -+XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr -+xmlSecNssKeySlotCreate() ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecNssKeySlotCopy( -+ xmlSecNssKeySlotPtr newKeySlot , -+ xmlSecNssKeySlotPtr keySlot -+) ; -+ -+XMLSEC_CRYPTO_EXPORT xmlSecNssKeySlotPtr -+xmlSecNssKeySlotDuplicate( -+ xmlSecNssKeySlotPtr keySlot -+) ; -+ -+XMLSEC_CRYPTO_EXPORT void -+xmlSecNssKeySlotDestroy( -+ xmlSecNssKeySlotPtr keySlot -+) ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecNssKeySlotBindMech( -+ xmlSecNssKeySlotPtr keySlot , -+ CK_MECHANISM_TYPE type -+) ; -+ -+XMLSEC_CRYPTO_EXPORT int -+xmlSecNssKeySlotSupportMech( -+ xmlSecNssKeySlotPtr keySlot , -+ CK_MECHANISM_TYPE type -+) ; -+ -+ -+/************************************************************************ -+ * PKCS#11 crypto token interfaces -+ * -+ * A PKCS#11 slot repository will be defined internally. From the -+ * repository, a user can specify a particular slot for a certain crypto -+ * mechanism. -+ * -+ * In some situation, some cryptographic operation should act in a user -+ * designated devices. The interfaces defined here provide the way. If -+ * the user do not initialize the repository distinctly, the interfaces -+ * use the default functions provided by NSS itself. -+ * -+ ************************************************************************/ -+/** -+ * Initialize NSS pkcs#11 slot repository -+ * -+ * Returns 0 if success or -1 if an error occurs. -+ */ -+XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotInitialize( void ) ; -+ -+/** -+ * Shutdown and destroy NSS pkcs#11 slot repository -+ */ -+XMLSEC_CRYPTO_EXPORT void xmlSecNssSlotShutdown() ; -+ -+/** -+ * Get PKCS#11 slot handler -+ * @type the mechanism that the slot must support. -+ * -+ * Returns a pointer to PKCS#11 slot or NULL if an error occurs. -+ * -+ * Notes: The returned handler must be destroied distinctly. -+ */ -+XMLSEC_CRYPTO_EXPORT PK11SlotInfo* xmlSecNssSlotGet( CK_MECHANISM_TYPE type ) ; -+ -+/** -+ * Adopt a pkcs#11 slot with a mechanism into the repository -+ * @slot: the pkcs#11 slot. -+ * @mech: the mechanism. -+ * -+ * If @mech is available( @mech != CKM_INVALID_MECHANISM ), every operation with -+ * this mechanism only can perform on the @slot. -+ * -+ * Returns 0 if success or -1 if an error occurs. -+ */ -+XMLSEC_CRYPTO_EXPORT int xmlSecNssSlotAdopt( PK11SlotInfo* slot, CK_MECHANISM_TYPE mech ) ; -+ -+#ifdef __cplusplus -+} -+#endif /* __cplusplus */ -+ -+#endif /* __XMLSEC_NSS_TOKENS_H__ */ -+ ---- misc/xmlsec1-1.2.14/src/mscrypto/akmngr.c 2009-09-21 14:07:19.078910929 +0200 -+++ misc/build/xmlsec1-1.2.14/src/mscrypto/akmngr.c 2009-09-21 14:02:48.531281225 +0200 -@@ -1 +1,236 @@ --dummy -+/** -+ * XMLSec library -+ * -+ * This is free software; see Copyright file in the source -+ * distribution for preciese wording. -+ * -+ * Copyright......................... -+ */ -+#include "globals.h" -+ -+#include <xmlsec/xmlsec.h> -+#include <xmlsec/keys.h> -+#include <xmlsec/keysmngr.h> -+#include <xmlsec/transforms.h> -+#include <xmlsec/errors.h> -+ -+#include <xmlsec/mscrypto/crypto.h> -+#include <xmlsec/mscrypto/keysstore.h> -+#include <xmlsec/mscrypto/akmngr.h> -+#include <xmlsec/mscrypto/x509.h> -+ -+/** -+ * xmlSecMSCryptoAppliedKeysMngrCreate: -+ * @hKeyStore: the pointer to key store. -+ * @hCertStore: the pointer to certificate database. -+ * -+ * Create and load key store and certificate database into keys manager -+ * -+ * Returns keys manager pointer on success or NULL otherwise. -+ */ -+xmlSecKeysMngrPtr -+xmlSecMSCryptoAppliedKeysMngrCreate( -+ HCERTSTORE hKeyStore , -+ HCERTSTORE hCertStore -+) { -+ xmlSecKeyDataStorePtr certStore = NULL ; -+ xmlSecKeysMngrPtr keyMngr = NULL ; -+ xmlSecKeyStorePtr keyStore = NULL ; -+ -+ keyStore = xmlSecKeyStoreCreate( xmlSecMSCryptoKeysStoreId ) ; -+ if( keyStore == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecKeyStoreCreate" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return NULL ; -+ } -+ -+ /*- -+ * At present, MS Crypto engine do not provide a way to setup a key store. -+ */ -+ if( keyStore != NULL ) { -+ /*TODO: binding key store.*/ -+ } -+ -+ keyMngr = xmlSecKeysMngrCreate() ; -+ if( keyMngr == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecKeysMngrCreate" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ xmlSecKeyStoreDestroy( keyStore ) ; -+ return NULL ; -+ } -+ -+ /*- -+ * Add key store to manager, from now on keys manager destroys the store if -+ * needed -+ */ -+ if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , -+ "xmlSecKeysMngrAdoptKeyStore" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ xmlSecKeyStoreDestroy( keyStore ) ; -+ xmlSecKeysMngrDestroy( keyMngr ) ; -+ return NULL ; -+ } -+ -+ /*- -+ * Initialize crypto library specific data in keys manager -+ */ -+ if( xmlSecMSCryptoKeysMngrInit( keyMngr ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecMSCryptoKeysMngrInit" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ xmlSecKeysMngrDestroy( keyMngr ) ; -+ return NULL ; -+ } -+ -+ /*- -+ * Set certificate databse to X509 key data store -+ */ -+ /*- -+ * At present, MS Crypto engine do not provide a way to setup a cert store. -+ */ -+ -+ /*- -+ * Set the getKey callback -+ */ -+ keyMngr->getKey = xmlSecKeysMngrGetKey ; -+ -+ return keyMngr ; -+} -+ -+int -+xmlSecMSCryptoAppliedKeysMngrSymKeyLoad( -+ xmlSecKeysMngrPtr mngr , -+ HCRYPTKEY symKey -+) { -+ /*TODO: import the key into keys manager.*/ -+ return(0) ; -+} -+ -+int -+xmlSecMSCryptoAppliedKeysMngrPubKeyLoad( -+ xmlSecKeysMngrPtr mngr , -+ HCRYPTKEY pubKey -+) { -+ /*TODO: import the key into keys manager.*/ -+ return(0) ; -+} -+ -+int -+xmlSecMSCryptoAppliedKeysMngrPriKeyLoad( -+ xmlSecKeysMngrPtr mngr , -+ HCRYPTKEY priKey -+) { -+ /*TODO: import the key into keys manager.*/ -+ return(0) ; -+} -+ -+int -+xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore ( -+ xmlSecKeysMngrPtr mngr , -+ HCERTSTORE keyStore -+) { -+ xmlSecKeyDataStorePtr x509Store ; -+ -+ xmlSecAssert2( mngr != NULL, -1 ) ; -+ xmlSecAssert2( keyStore != NULL, -1 ) ; -+ -+ x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ; -+ if( x509Store == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecKeysMngrGetDataStore" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return( -1 ) ; -+ } -+ -+ if( xmlSecMSCryptoX509StoreAdoptKeyStore( x509Store, keyStore ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) , -+ "xmlSecMSCryptoX509StoreAdoptKeyStore" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return( -1 ) ; -+ } -+ -+ return( 0 ) ; -+} -+ -+int -+xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore ( -+ xmlSecKeysMngrPtr mngr , -+ HCERTSTORE trustedStore -+) { -+ xmlSecKeyDataStorePtr x509Store ; -+ -+ xmlSecAssert2( mngr != NULL, -1 ) ; -+ xmlSecAssert2( trustedStore != NULL, -1 ) ; -+ -+ x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ; -+ if( x509Store == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecKeysMngrGetDataStore" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return( -1 ) ; -+ } -+ -+ if( xmlSecMSCryptoX509StoreAdoptTrustedStore( x509Store, trustedStore ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) , -+ "xmlSecMSCryptoX509StoreAdoptKeyStore" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return( -1 ) ; -+ } -+ -+ return( 0 ) ; -+} -+ -+int -+xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore ( -+ xmlSecKeysMngrPtr mngr , -+ HCERTSTORE untrustedStore -+) { -+ xmlSecKeyDataStorePtr x509Store ; -+ -+ xmlSecAssert2( mngr != NULL, -1 ) ; -+ xmlSecAssert2( untrustedStore != NULL, -1 ) ; -+ -+ x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ; -+ if( x509Store == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecKeysMngrGetDataStore" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return( -1 ) ; -+ } -+ -+ if( xmlSecMSCryptoX509StoreAdoptUntrustedStore( x509Store, untrustedStore ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) , -+ "xmlSecMSCryptoX509StoreAdoptKeyStore" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return( -1 ) ; -+ } -+ -+ return( 0 ) ; -+} -+ ---- misc/xmlsec1-1.2.14/src/nss/Makefile.am 2009-06-25 22:53:18.000000000 +0200 -+++ misc/build/xmlsec1-1.2.14/src/nss/Makefile.am 2009-09-21 14:02:48.591560472 +0200 -@@ -35,6 +35,9 @@ - kw_des.c \ - kw_aes.c \ - globals.h \ -+ akmngr.c \ -+ keywrapers.c \ -+ tokens.c \ - $(NULL) - - if SHAREDLIB_HACK ---- misc/xmlsec1-1.2.14/src/nss/Makefile.in 2009-06-25 22:53:33.000000000 +0200 -+++ misc/build/xmlsec1-1.2.14/src/nss/Makefile.in 2009-09-21 14:02:48.599339718 +0200 -@@ -72,7 +72,8 @@ - am__libxmlsec1_nss_la_SOURCES_DIST = app.c bignum.c ciphers.c crypto.c \ - digests.c hmac.c pkikeys.c signatures.c symkeys.c x509.c \ - x509vfy.c keysstore.c keytrans.c kw_des.c kw_aes.c globals.h \ -- ../strings.c -+ ../strings.c \ -+ akmngr.c keywrapers.c tokens.c - am__objects_1 = - @SHAREDLIB_HACK_TRUE@am__objects_2 = libxmlsec1_nss_la-strings.lo - am_libxmlsec1_nss_la_OBJECTS = libxmlsec1_nss_la-app.lo \ -@@ -83,6 +84,8 @@ - libxmlsec1_nss_la-x509.lo libxmlsec1_nss_la-x509vfy.lo \ - libxmlsec1_nss_la-keysstore.lo libxmlsec1_nss_la-keytrans.lo \ - libxmlsec1_nss_la-kw_des.lo libxmlsec1_nss_la-kw_aes.lo \ -+ libxmlsec1_nss_la-akmngr.lo libxmlsec1_nss_la-keywrapers.lo \ -+ libxmlsec1_nss_la-tokens.lo \ - $(am__objects_1) $(am__objects_2) - libxmlsec1_nss_la_OBJECTS = $(am_libxmlsec1_nss_la_OBJECTS) - libxmlsec1_nss_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \ -@@ -333,6 +336,7 @@ - libxmlsec1_nss_la_SOURCES = app.c bignum.c ciphers.c crypto.c \ - digests.c hmac.c pkikeys.c signatures.c symkeys.c x509.c \ - x509vfy.c keysstore.c keytrans.c kw_des.c kw_aes.c globals.h \ -+ akmngr.c keywrapers.c tokens.c \ - $(NULL) $(am__append_1) - libxmlsec1_nss_la_LIBADD = \ - ../libxmlsec1.la \ -@@ -439,6 +443,9 @@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-symkeys.Plo@am__quote@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-x509.Plo@am__quote@ - @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-x509vfy.Plo@am__quote@ -+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-akmngr.Plo@am__quote@ -+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Plo@am__quote@ -+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-tokens.Plo@am__quote@ - - .c.o: - @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@@ -468,6 +475,27 @@ - @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ - @am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c - -+libxmlsec1_nss_la-akmngr.lo: akmngr.c -+@am__fastdepCC_TRUE@ if $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-akmngr.lo -MD -MP -MF "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo" -c -o libxmlsec1_nss_la-akmngr.lo `test -f 'akmngr.c' || echo '$(srcdir)/'`akmngr.c; \ -+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo" "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Plo"; else rm -f "$(DEPDIR)/libxmlsec1_nss_la-akmngr.Tpo"; exit 1; fi -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='akmngr.c' object='libxmlsec1_nss_la-akmngr.lo' libtool=yes @AMDEPBACKSLASH@ -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -+@am__fastdepCC_FALSE@ $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-akmngr.lo `test -f 'akmngr.c' || echo '$(srcdir)/'`akmngr.c -+ -+libxmlsec1_nss_la-keywrapers.lo: keywrapers.c -+@am__fastdepCC_TRUE@ if $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-keywrapers.lo -MD -MP -MF "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Tpo" -c -o libxmlsec1_nss_la-keywrapers.lo `test -f 'keywrapers.c' || echo '$(srcdir)/'`keywrapers.c; \ -+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Tpo" "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Plo"; else rm -f "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Tpo"; exit 1; fi -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='keywrapers.c' object='libxmlsec1_nss_la-keywrapers.lo' libtool=yes @AMDEPBACKSLASH@ -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -+@am__fastdepCC_FALSE@ $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-keywrapers.lo `test -f 'keywrapers.c' || echo '$(srcdir)/'`keywrapers.c -+ -+libxmlsec1_nss_la-tokens.lo: tokens.c -+@am__fastdepCC_TRUE@ if $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-tokens.lo -MD -MP -MF "$(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo" -c -o libxmlsec1_nss_la-tokens.lo `test -f 'tokens.c' || echo '$(srcdir)/'`tokens.c; \ -+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo" "$(DEPDIR)/libxmlsec1_nss_la-tokens.Plo"; else rm -f "$(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo"; exit 1; fi -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='tokens.c' object='libxmlsec1_nss_la-tokens.lo' libtool=yes @AMDEPBACKSLASH@ -+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -+@am__fastdepCC_FALSE@ $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-tokens.lo `test -f 'tokens.c' || echo '$(srcdir)/'`tokens.c -+ - libxmlsec1_nss_la-bignum.lo: bignum.c - @am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-bignum.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo -c -o libxmlsec1_nss_la-bignum.lo `test -f 'bignum.c' || echo '$(srcdir)/'`bignum.c - @am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_nss_la-bignum.Tpo $(DEPDIR)/libxmlsec1_nss_la-bignum.Plo ---- misc/xmlsec1-1.2.14/src/nss/akmngr.c 2009-09-21 14:07:19.197249962 +0200 -+++ misc/build/xmlsec1-1.2.14/src/nss/akmngr.c 2009-09-21 14:02:48.539616129 +0200 -@@ -1 +1,384 @@ --dummy -+/** -+ * XMLSec library -+ * -+ * This is free software; see Copyright file in the source -+ * distribution for preciese wording. -+ * -+ * Copyright......................... -+ */ -+#include "globals.h" -+ -+#include <nspr.h> -+#include <nss.h> -+#include <pk11func.h> -+#include <cert.h> -+#include <keyhi.h> -+ -+#include <xmlsec/xmlsec.h> -+#include <xmlsec/keys.h> -+#include <xmlsec/transforms.h> -+#include <xmlsec/errors.h> -+ -+#include <xmlsec/nss/crypto.h> -+#include <xmlsec/nss/tokens.h> -+#include <xmlsec/nss/akmngr.h> -+#include <xmlsec/nss/pkikeys.h> -+#include <xmlsec/nss/ciphers.h> -+#include <xmlsec/nss/keysstore.h> -+ -+/** -+ * xmlSecNssAppliedKeysMngrCreate: -+ * @slot: array of pointers to NSS PKCS#11 slot infomation. -+ * @cSlots: number of slots in the array -+ * @handler: the pointer to NSS certificate database. -+ * -+ * Create and load NSS crypto slot and certificate database into keys manager -+ * -+ * Returns keys manager pointer on success or NULL otherwise. -+ */ -+xmlSecKeysMngrPtr -+xmlSecNssAppliedKeysMngrCreate( -+ PK11SlotInfo** slots, -+ int cSlots, -+ CERTCertDBHandle* handler -+) { -+ xmlSecKeyDataStorePtr certStore = NULL ; -+ xmlSecKeysMngrPtr keyMngr = NULL ; -+ xmlSecKeyStorePtr keyStore = NULL ; -+ int islot = 0; -+ keyStore = xmlSecKeyStoreCreate( xmlSecNssKeysStoreId ) ; -+ if( keyStore == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecKeyStoreCreate" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return NULL ; -+ } -+ -+ for (islot = 0; islot < cSlots; islot++) -+ { -+ xmlSecNssKeySlotPtr keySlot ; -+ -+ /* Create a key slot */ -+ keySlot = xmlSecNssKeySlotCreate() ; -+ if( keySlot == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , -+ "xmlSecNssKeySlotCreate" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ xmlSecKeyStoreDestroy( keyStore ) ; -+ return NULL ; -+ } -+ -+ /* Set slot */ -+ if( xmlSecNssKeySlotSetSlot( keySlot , slots[islot] ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , -+ "xmlSecNssKeySlotSetSlot" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ xmlSecKeyStoreDestroy( keyStore ) ; -+ xmlSecNssKeySlotDestroy( keySlot ) ; -+ return NULL ; -+ } -+ -+ /* Adopt keySlot */ -+ if( xmlSecNssKeysStoreAdoptKeySlot( keyStore , keySlot ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , -+ "xmlSecNssKeysStoreAdoptKeySlot" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ xmlSecKeyStoreDestroy( keyStore ) ; -+ xmlSecNssKeySlotDestroy( keySlot ) ; -+ return NULL ; -+ } -+ } -+ -+ keyMngr = xmlSecKeysMngrCreate() ; -+ if( keyMngr == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecKeysMngrCreate" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ xmlSecKeyStoreDestroy( keyStore ) ; -+ return NULL ; -+ } -+ -+ /*- -+ * Add key store to manager, from now on keys manager destroys the store if -+ * needed -+ */ -+ if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , -+ "xmlSecKeysMngrAdoptKeyStore" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ xmlSecKeyStoreDestroy( keyStore ) ; -+ xmlSecKeysMngrDestroy( keyMngr ) ; -+ return NULL ; -+ } -+ -+ /*- -+ * Initialize crypto library specific data in keys manager -+ */ -+ if( xmlSecNssKeysMngrInit( keyMngr ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecKeysMngrCreate" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ xmlSecKeysMngrDestroy( keyMngr ) ; -+ return NULL ; -+ } -+ -+ /*- -+ * Set certificate databse to X509 key data store -+ */ -+ /** -+ * Because Tej's implementation of certDB use the default DB, so I ignore -+ * the certDB handler at present. I'll modify the cert store sources to -+ * accept particular certDB instead of default ones. -+ certStore = xmlSecKeysMngrGetDataStore( keyMngr , xmlSecNssKeyDataStoreX509Id ) ; -+ if( certStore == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , -+ "xmlSecKeysMngrGetDataStore" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ xmlSecKeysMngrDestroy( keyMngr ) ; -+ return NULL ; -+ } -+ -+ if( xmlSecNssKeyDataStoreX509SetCertDb( certStore , handler ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) , -+ "xmlSecNssKeyDataStoreX509SetCertDb" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ xmlSecKeysMngrDestroy( keyMngr ) ; -+ return NULL ; -+ } -+ */ -+ -+ /*- -+ * Set the getKey callback -+ */ -+ keyMngr->getKey = xmlSecKeysMngrGetKey ; -+ -+ return keyMngr ; -+} -+ -+int -+xmlSecNssAppliedKeysMngrSymKeyLoad( -+ xmlSecKeysMngrPtr mngr , -+ PK11SymKey* symKey -+) { -+ xmlSecKeyPtr key ; -+ xmlSecKeyDataPtr data ; -+ xmlSecKeyStorePtr keyStore ; -+ -+ xmlSecAssert2( mngr != NULL , -1 ) ; -+ xmlSecAssert2( symKey != NULL , -1 ) ; -+ -+ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ; -+ if( keyStore == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecKeysMngrGetKeysStore" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1) ; -+ } -+ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ; -+ -+ data = xmlSecNssSymKeyDataKeyAdopt( symKey ) ; -+ if( data == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecNssSymKeyDataKeyAdopt" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1) ; -+ } -+ -+ key = xmlSecKeyCreate() ; -+ if( key == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecNssSymKeyDataKeyAdopt" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecKeyDataDestroy( data ) ; -+ return(-1) ; -+ } -+ -+ if( xmlSecKeySetValue( key , data ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecNssSymKeyDataKeyAdopt" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecKeyDataDestroy( data ) ; -+ return(-1) ; -+ } -+ -+ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecNssSymKeyDataKeyAdopt" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecKeyDestroy( key ) ; -+ return(-1) ; -+ } -+ -+ return(0) ; -+} -+ -+int -+xmlSecNssAppliedKeysMngrPubKeyLoad( -+ xmlSecKeysMngrPtr mngr , -+ SECKEYPublicKey* pubKey -+) { -+ xmlSecKeyPtr key ; -+ xmlSecKeyDataPtr data ; -+ xmlSecKeyStorePtr keyStore ; -+ -+ xmlSecAssert2( mngr != NULL , -1 ) ; -+ xmlSecAssert2( pubKey != NULL , -1 ) ; -+ -+ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ; -+ if( keyStore == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecKeysMngrGetKeysStore" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1) ; -+ } -+ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ; -+ -+ data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ; -+ if( data == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecNssPKIAdoptKey" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1) ; -+ } -+ -+ key = xmlSecKeyCreate() ; -+ if( key == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecNssSymKeyDataKeyAdopt" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecKeyDataDestroy( data ) ; -+ return(-1) ; -+ } -+ -+ if( xmlSecKeySetValue( key , data ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecNssSymKeyDataKeyAdopt" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecKeyDataDestroy( data ) ; -+ return(-1) ; -+ } -+ -+ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecNssSymKeyDataKeyAdopt" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecKeyDestroy( key ) ; -+ return(-1) ; -+ } -+ -+ return(0) ; -+} -+ -+int -+xmlSecNssAppliedKeysMngrPriKeyLoad( -+ xmlSecKeysMngrPtr mngr , -+ SECKEYPrivateKey* priKey -+) { -+ xmlSecKeyPtr key ; -+ xmlSecKeyDataPtr data ; -+ xmlSecKeyStorePtr keyStore ; -+ -+ xmlSecAssert2( mngr != NULL , -1 ) ; -+ xmlSecAssert2( priKey != NULL , -1 ) ; -+ -+ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ; -+ if( keyStore == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecKeysMngrGetKeysStore" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1) ; -+ } -+ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ; -+ -+ data = xmlSecNssPKIAdoptKey( priKey, NULL ) ; -+ if( data == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecNssPKIAdoptKey" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1) ; -+ } -+ -+ key = xmlSecKeyCreate() ; -+ if( key == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecNssSymKeyDataKeyAdopt" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecKeyDataDestroy( data ) ; -+ return(-1) ; -+ } -+ -+ if( xmlSecKeySetValue( key , data ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecNssSymKeyDataKeyAdopt" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecKeyDataDestroy( data ) ; -+ return(-1) ; -+ } -+ -+ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecNssSymKeyDataKeyAdopt" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecKeyDestroy( key ) ; -+ return(-1) ; -+ } -+ -+ return(0) ; -+} -+ ---- misc/xmlsec1-1.2.14/src/nss/hmac.c 2009-06-26 06:18:13.000000000 +0200 -+++ misc/build/xmlsec1-1.2.14/src/nss/hmac.c 2009-09-21 14:02:48.649065288 +0200 -@@ -23,8 +23,8 @@ - #include <xmlsec/transforms.h> - #include <xmlsec/errors.h> - --#include <xmlsec/nss/app.h> - #include <xmlsec/nss/crypto.h> -+#include <xmlsec/nss/tokens.h> - - /* sizes in bits */ - #define XMLSEC_NSS_MIN_HMAC_SIZE 80 -@@ -286,13 +286,13 @@ - keyItem.data = xmlSecBufferGetData(buffer); - keyItem.len = xmlSecBufferGetSize(buffer); - -- slot = PK11_GetBestSlot(ctx->digestType, NULL); -+ slot = xmlSecNssSlotGet(ctx->digestType); - if(slot == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), -- "PK11_GetBestSlot", -+ "xmlSecNssSlotGet", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - return(-1); - } - ---- misc/xmlsec1-1.2.14/src/nss/keysstore.c 2009-06-25 22:53:18.000000000 +0200 -+++ misc/build/xmlsec1-1.2.14/src/nss/keysstore.c 2009-09-21 14:02:48.633533885 +0200 -@@ -1,36 +1,56 @@ - /** - * XMLSec library - * -- * Nss keys store that uses Simple Keys Store under the hood. Uses the -- * Nss DB as a backing store for the finding keys, but the NSS DB is -- * not written to by the keys store. -- * So, if store->findkey is done and the key is not found in the simple -- * keys store, the NSS DB is looked up. -- * If store is called to adopt a key, that key is not written to the NSS -- * DB. -- * Thus, the NSS DB can be used to pre-load keys and becomes an alternate -- * source of keys for xmlsec -- * - * This is free software; see Copyright file in the source - * distribution for precise wording. - * - * Copyright (c) 2003 America Online, Inc. All rights reserved. - */ -+ -+/** -+ * NSS key store uses a key list and a slot list as the key repository. NSS slot -+ * list is a backup repository for the finding keys. If a key is not found from -+ * the key list, the NSS slot list is looked up. -+ * -+ * Any key in the key list will not save to pkcs11 slot. When a store to called -+ * to adopt a key, the key is resident in the key list; While a store to called -+ * to set a is resident in the key list; While a store to called to set a slot -+ * list, which means that the keys in the listed slot can be used for xml sign- -+ * nature or encryption. -+ * -+ * Then, a user can adjust slot list to effect the crypto behaviors of xmlSec. -+ * -+ * The framework will decrease the user interfaces to administrate xmlSec crypto -+ * engine. He can only focus on NSS layer functions. For examples, after the -+ * user set up a slot list handler to the keys store, he do not need to do any -+ * other work atop xmlSec interfaces, his action on the slot list handler, such -+ * as add a token to, delete a token from the list, will directly effect the key -+ * store behaviors. -+ * -+ * For example, a scenariio: -+ * 0. Create a slot list;( NSS interfaces ) -+ * 1. Create a keys store;( xmlSec interfaces ) -+ * 2. Set slot list with the keys store;( xmlSec Interfaces ) -+ * 3. Add a slot to the slot list;( NSS interfaces ) -+ * 4. Perform xml signature; ( xmlSec Interfaces ) -+ * 5. Deleter a slot from the slot list;( NSS interfaces ) -+ * 6. Perform xml encryption; ( xmlSec Interfaces ) -+ * 7. Perform xml signature;( xmlSec Interfaces ) -+ * 8. Destroy the keys store;( xmlSec Interfaces ) -+ * 8. Destroy the slot list.( NSS Interfaces ) -+ */ - #include "globals.h" - - #include <stdlib.h> - #include <string.h> - - #include <nss.h> --#include <cert.h> - #include <pk11func.h> -+#include <prinit.h> - #include <keyhi.h> - --#include <libxml/tree.h> -- - #include <xmlsec/xmlsec.h> --#include <xmlsec/buffer.h> --#include <xmlsec/base64.h> -+#include <xmlsec/keys.h> - #include <xmlsec/errors.h> - #include <xmlsec/xmltree.h> - -@@ -38,82 +58,461 @@ - - #include <xmlsec/nss/crypto.h> - #include <xmlsec/nss/keysstore.h> --#include <xmlsec/nss/x509.h> -+#include <xmlsec/nss/tokens.h> -+#include <xmlsec/nss/ciphers.h> - #include <xmlsec/nss/pkikeys.h> - - /**************************************************************************** - * -- * Nss Keys Store. Uses Simple Keys Store under the hood -+ * Internal NSS key store context - * -- * Simple Keys Store ptr is located after xmlSecKeyStore -+ * This context is located after xmlSecKeyStore - * - ***************************************************************************/ -+typedef struct _xmlSecNssKeysStoreCtx xmlSecNssKeysStoreCtx ; -+typedef struct _xmlSecNssKeysStoreCtx* xmlSecNssKeysStoreCtxPtr ; -+ -+struct _xmlSecNssKeysStoreCtx { -+ xmlSecPtrListPtr keyList ; -+ xmlSecPtrListPtr slotList ; -+} ; -+ - #define xmlSecNssKeysStoreSize \ -- (sizeof(xmlSecKeyStore) + sizeof(xmlSecKeyStorePtr)) -+ ( sizeof( xmlSecKeyStore ) + sizeof( xmlSecNssKeysStoreCtx ) ) - --#define xmlSecNssKeysStoreGetSS(store) \ -- ((xmlSecKeyStoreCheckSize((store), xmlSecNssKeysStoreSize)) ? \ -- (xmlSecKeyStorePtr*)(((xmlSecByte*)(store)) + sizeof(xmlSecKeyStore)) : \ -- (xmlSecKeyStorePtr*)NULL) -- --static int xmlSecNssKeysStoreInitialize (xmlSecKeyStorePtr store); --static void xmlSecNssKeysStoreFinalize (xmlSecKeyStorePtr store); --static xmlSecKeyPtr xmlSecNssKeysStoreFindKey (xmlSecKeyStorePtr store, -- const xmlChar* name, -- xmlSecKeyInfoCtxPtr keyInfoCtx); -+#define xmlSecNssKeysStoreGetCtx( data ) \ -+ ( ( xmlSecNssKeysStoreCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyStore ) ) ) - --static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = { -- sizeof(xmlSecKeyStoreKlass), -- xmlSecNssKeysStoreSize, -+int xmlSecNssKeysStoreAdoptKeySlot( -+ xmlSecKeyStorePtr store , -+ xmlSecNssKeySlotPtr keySlot -+) { -+ xmlSecNssKeysStoreCtxPtr context = NULL ; -+ -+ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ; -+ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ; -+ context = xmlSecNssKeysStoreGetCtx( store ) ; -+ if( context == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , -+ "xmlSecNssKeysStoreGetCtx" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ -+ if( context->slotList == NULL ) { -+ if( ( context->slotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ) == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , -+ "xmlSecPtrListCreate" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ } -+ -+ if( !xmlSecPtrListCheckId( context->slotList , xmlSecNssKeySlotListId ) ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , -+ "xmlSecPtrListCheckId" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ -+ if( xmlSecPtrListAdd( context->slotList , keySlot ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , -+ "xmlSecPtrListAdd" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ return 0 ; -+} - -- /* data */ -- BAD_CAST "NSS-keys-store", /* const xmlChar* name; */ -- -- /* constructors/destructor */ -- xmlSecNssKeysStoreInitialize, /* xmlSecKeyStoreInitializeMethod initialize; */ -- xmlSecNssKeysStoreFinalize, /* xmlSecKeyStoreFinalizeMethod finalize; */ -- xmlSecNssKeysStoreFindKey, /* xmlSecKeyStoreFindKeyMethod findKey; */ -- -- /* reserved for the future */ -- NULL, /* void* reserved0; */ -- NULL, /* void* reserved1; */ --}; -+int xmlSecNssKeysStoreAdoptKey( -+ xmlSecKeyStorePtr store , -+ xmlSecKeyPtr key -+) { -+ xmlSecNssKeysStoreCtxPtr context = NULL ; -+ -+ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ; -+ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ; -+ -+ context = xmlSecNssKeysStoreGetCtx( store ) ; -+ if( context == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , -+ "xmlSecNssKeysStoreGetCtx" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ -+ if( context->keyList == NULL ) { -+ if( ( context->keyList = xmlSecPtrListCreate( xmlSecKeyPtrListId ) ) == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , -+ "xmlSecPtrListCreate" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ } -+ -+ if( !xmlSecPtrListCheckId( context->keyList , xmlSecKeyPtrListId ) ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , -+ "xmlSecPtrListCheckId" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ -+ if( xmlSecPtrListAdd( context->keyList , key ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , -+ "xmlSecPtrListAdd" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } - --/** -- * xmlSecNssKeysStoreGetKlass: -- * -- * The Nss list based keys store klass. -+ return 0 ; -+} -+ -+/* -+ * xmlSecKeyStoreInitializeMethod: -+ * @store: the store. -+ * -+ * Keys store specific initialization method. - * -- * Returns: Nss list based keys store klass. -+ * Returns 0 on success or a negative value if an error occurs. - */ --xmlSecKeyStoreId --xmlSecNssKeysStoreGetKlass(void) { -- return(&xmlSecNssKeysStoreKlass); -+static int -+xmlSecNssKeysStoreInitialize( -+ xmlSecKeyStorePtr store -+) { -+ xmlSecNssKeysStoreCtxPtr context = NULL ; -+ -+ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , -1 ) ; -+ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , -1 ) ; -+ -+ context = xmlSecNssKeysStoreGetCtx( store ) ; -+ if( context == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , -+ "xmlSecNssKeysStoreGetCtx" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ -+ context->keyList = NULL ; -+ context->slotList = NULL ; -+ -+ return 0 ; - } - - /** -- * xmlSecNssKeysStoreAdoptKey: -- * @store: the pointer to Nss keys store. -- * @key: the pointer to key. -- * -- * Adds @key to the @store. - * -- * Returns: 0 on success or a negative value if an error occurs. -+ * xmlSecKeyStoreFinalizeMethod: -+ * @store: the store. -+ * -+ * Keys store specific finalization (destroy) method. - */ --int --xmlSecNssKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) { -- xmlSecKeyStorePtr *ss; -- -- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1); -- xmlSecAssert2((key != NULL), -1); -+void -+xmlSecNssKeysStoreFinalize( -+ xmlSecKeyStorePtr store -+) { -+ xmlSecNssKeysStoreCtxPtr context = NULL ; -+ -+ xmlSecAssert( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) ) ; -+ xmlSecAssert( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) ) ; -+ -+ context = xmlSecNssKeysStoreGetCtx( store ) ; -+ if( context == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , -+ "xmlSecNssKeysStoreGetCtx" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return ; -+ } -+ -+ if( context->keyList != NULL ) { -+ xmlSecPtrListDestroy( context->keyList ) ; -+ context->keyList = NULL ; -+ } -+ -+ if( context->slotList != NULL ) { -+ xmlSecPtrListDestroy( context->slotList ) ; -+ context->slotList = NULL ; -+ } -+} -+ -+xmlSecKeyPtr -+xmlSecNssKeysStoreFindKeyFromSlot( -+ PK11SlotInfo* slot, -+ const xmlChar* name, -+ xmlSecKeyInfoCtxPtr keyInfoCtx -+) { -+ xmlSecKeyPtr key = NULL ; -+ xmlSecKeyDataPtr data = NULL ; -+ int length ; -+ -+ xmlSecAssert2( slot != NULL , NULL ) ; -+ xmlSecAssert2( name != NULL , NULL ) ; -+ xmlSecAssert2( keyInfoCtx != NULL , NULL ) ; -+ -+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSymmetric ) == xmlSecKeyDataTypeSymmetric ) { -+ PK11SymKey* symKey ; -+ PK11SymKey* curKey ; -+ -+ /* Find symmetric key from the slot by name */ -+ symKey = PK11_ListFixedKeysInSlot( slot , ( char* )name , NULL ) ; -+ for( curKey = symKey ; curKey != NULL ; curKey = PK11_GetNextSymKey( curKey ) ) { -+ /* Check the key request */ -+ length = PK11_GetKeyLength( curKey ) ; -+ length *= 8 ; -+ if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) && -+ ( length > 0 ) && -+ ( length < keyInfoCtx->keyReq.keyBitsSize ) ) -+ continue ; -+ -+ /* We find a eligible key */ -+ data = xmlSecNssSymKeyDataKeyAdopt( curKey ) ; -+ if( data == NULL ) { -+ /* Do nothing */ -+ } -+ break ; -+ } -+ -+ /* Destroy the sym key list */ -+ for( curKey = symKey ; curKey != NULL ; ) { -+ symKey = curKey ; -+ curKey = PK11_GetNextSymKey( symKey ) ; -+ PK11_FreeSymKey( symKey ) ; -+ } -+ } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) { -+ SECKEYPublicKeyList* pubKeyList ; -+ SECKEYPublicKey* pubKey ; -+ SECKEYPublicKeyListNode* curPub ; -+ -+ /* Find asymmetric key from the slot by name */ -+ pubKeyList = PK11_ListPublicKeysInSlot( slot , ( char* )name ) ; -+ pubKey = NULL ; -+ curPub = PUBKEY_LIST_HEAD(pubKeyList); -+ for( ; !PUBKEY_LIST_END(curPub, pubKeyList) ; curPub = PUBKEY_LIST_NEXT( curPub ) ) { -+ /* Check the key request */ -+ length = SECKEY_PublicKeyStrength( curPub->key ) ; -+ length *= 8 ; -+ if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) && -+ ( length > 0 ) && -+ ( length < keyInfoCtx->keyReq.keyBitsSize ) ) -+ continue ; -+ -+ /* We find a eligible key */ -+ pubKey = curPub->key ; -+ break ; -+ } -+ -+ if( pubKey != NULL ) { -+ data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ; -+ if( data == NULL ) { -+ /* Do nothing */ -+ } -+ } -+ -+ /* Destroy the public key list */ -+ SECKEY_DestroyPublicKeyList( pubKeyList ) ; -+ } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) { -+ SECKEYPrivateKeyList* priKeyList = NULL ; -+ SECKEYPrivateKey* priKey = NULL ; -+ SECKEYPrivateKeyListNode* curPri ; -+ -+ /* Find asymmetric key from the slot by name */ -+ priKeyList = PK11_ListPrivKeysInSlot( slot , ( char* )name , NULL ) ; -+ priKey = NULL ; -+ curPri = PRIVKEY_LIST_HEAD(priKeyList); -+ for( ; !PRIVKEY_LIST_END(curPri, priKeyList) ; curPri = PRIVKEY_LIST_NEXT( curPri ) ) { -+ /* Check the key request */ -+ length = PK11_SignatureLen( curPri->key ) ; -+ length *= 8 ; -+ if( ( keyInfoCtx->keyReq.keyBitsSize > 0 ) && -+ ( length > 0 ) && -+ ( length < keyInfoCtx->keyReq.keyBitsSize ) ) -+ continue ; -+ -+ /* We find a eligible key */ -+ priKey = curPri->key ; -+ break ; -+ } -+ -+ if( priKey != NULL ) { -+ data = xmlSecNssPKIAdoptKey( priKey, NULL ) ; -+ if( data == NULL ) { -+ /* Do nothing */ -+ } -+ } -+ -+ /* Destroy the private key list */ -+ SECKEY_DestroyPrivateKeyList( priKeyList ) ; -+ } -+ -+ /* If we have gotten the key value */ -+ if( data != NULL ) { -+ if( ( key = xmlSecKeyCreate() ) == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecKeyCreate" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ xmlSecKeyDataDestroy( data ) ; -+ return NULL ; -+ } -+ -+ if( xmlSecKeySetValue( key , data ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecKeySetValue" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ xmlSecKeyDestroy( key ) ; -+ xmlSecKeyDataDestroy( data ) ; -+ return NULL ; -+ } -+ } - -- ss = xmlSecNssKeysStoreGetSS(store); -- xmlSecAssert2(((ss != NULL) && (*ss != NULL) && -- (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1); -+ return(key); -+} -+ -+/** -+ * xmlSecKeyStoreFindKeyMethod: -+ * @store: the store. -+ * @name: the desired key name. -+ * @keyInfoCtx: the pointer to key info context. -+ * -+ * Keys store specific find method. The caller is responsible for destroying -+ * the returned key using #xmlSecKeyDestroy method. -+ * -+ * Returns the pointer to a key or NULL if key is not found or an error occurs. -+ */ -+static xmlSecKeyPtr -+xmlSecNssKeysStoreFindKey( -+ xmlSecKeyStorePtr store , -+ const xmlChar* name , -+ xmlSecKeyInfoCtxPtr keyInfoCtx -+) { -+ xmlSecNssKeysStoreCtxPtr context = NULL ; -+ xmlSecKeyPtr key = NULL ; -+ xmlSecNssKeySlotPtr keySlot = NULL ; -+ xmlSecSize pos ; -+ xmlSecSize size ; -+ -+ xmlSecAssert2( xmlSecKeyStoreCheckId( store , xmlSecNssKeysStoreId ) , NULL ) ; -+ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ) , NULL ) ; -+ xmlSecAssert2( keyInfoCtx != NULL , NULL ) ; -+ -+ context = xmlSecNssKeysStoreGetCtx( store ) ; -+ if( context == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , -+ "xmlSecNssKeysStoreGetCtx" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return NULL ; -+ } -+ -+ /*- -+ * Look for key at keyList at first. -+ */ -+ if( context->keyList != NULL ) { -+ size = xmlSecPtrListGetSize( context->keyList ) ; -+ for( pos = 0 ; pos < size ; pos ++ ) { -+ key = ( xmlSecKeyPtr )xmlSecPtrListGetItem( context->keyList , pos ) ; -+ if( key != NULL && xmlSecKeyMatch( key , name , &( keyInfoCtx->keyReq ) ) ) { -+ return xmlSecKeyDuplicate( key ) ; -+ } -+ } -+ } -+ -+ /*- -+ * Find the key from slotList -+ */ -+ if( context->slotList != NULL ) { -+ PK11SlotInfo* slot = NULL ; -+ -+ size = xmlSecPtrListGetSize( context->slotList ) ; -+ for( pos = 0 ; pos < size ; pos ++ ) { -+ keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( context->slotList , pos ) ; -+ slot = xmlSecNssKeySlotGetSlot( keySlot ) ; -+ if( slot == NULL ) { -+ continue ; -+ } else { -+ key = xmlSecNssKeysStoreFindKeyFromSlot( slot, name, keyInfoCtx ) ; -+ if( key == NULL ) { -+ continue ; -+ } else { -+ return( key ) ; -+ } -+ } -+ } -+ } -+ -+ /*- -+ * Create a session key if we can not find the key from keyList and slotList -+ */ -+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypeSession ) == xmlSecKeyDataTypeSession ) { -+ key = xmlSecKeyGenerate( keyInfoCtx->keyReq.keyId , keyInfoCtx->keyReq.keyBitsSize , xmlSecKeyDataTypeSession ) ; -+ if( key == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( store ) ) , -+ "xmlSecKeySetValue" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return NULL ; -+ } -+ -+ return key ; -+ } -+ -+ /** -+ * We have no way to find the key any more. -+ */ -+ return NULL ; -+} -+ -+static xmlSecKeyStoreKlass xmlSecNssKeysStoreKlass = { -+ sizeof( xmlSecKeyStoreKlass ) , -+ xmlSecNssKeysStoreSize , -+ BAD_CAST "implicit_nss_keys_store" , -+ xmlSecNssKeysStoreInitialize , -+ xmlSecNssKeysStoreFinalize , -+ xmlSecNssKeysStoreFindKey , -+ NULL , -+ NULL -+} ; - -- return (xmlSecSimpleKeysStoreAdoptKey(*ss, key)); -+/** -+ * xmlSecNssKeysStoreGetKlass: -+ * -+ * The simple list based keys store klass. -+ * -+ */ -+xmlSecKeyStoreId -+xmlSecNssKeysStoreGetKlass( void ) { -+ return &xmlSecNssKeysStoreKlass ; - } - -+/************************** -+ * Application routines -+ */ -+ - /** - * xmlSecNssKeysStoreLoad: - * @store: the pointer to Nss keys store. -@@ -252,234 +651,147 @@ - */ - int - xmlSecNssKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecKeyDataType type) { -- xmlSecKeyStorePtr *ss; -+ xmlSecKeyInfoCtx keyInfoCtx; -+ xmlSecNssKeysStoreCtxPtr context ; -+ xmlSecPtrListPtr list; -+ xmlSecKeyPtr key; -+ xmlSecSize i, keysSize; -+ xmlDocPtr doc; -+ xmlNodePtr cur; -+ xmlSecKeyDataPtr data; -+ xmlSecPtrListPtr idsList; -+ xmlSecKeyDataId dataId; -+ xmlSecSize idsSize, j; -+ int ret; - - xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1); -- xmlSecAssert2((filename != NULL), -1); -- -- ss = xmlSecNssKeysStoreGetSS(store); -- xmlSecAssert2(((ss != NULL) && (*ss != NULL) && -- (xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId))), -1); -- -- return (xmlSecSimpleKeysStoreSave(*ss, filename, type)); --} -- --static int --xmlSecNssKeysStoreInitialize(xmlSecKeyStorePtr store) { -- xmlSecKeyStorePtr *ss; -+ xmlSecAssert2( xmlSecKeyStoreCheckSize( store , xmlSecNssKeysStoreSize ), -1 ) ; -+ xmlSecAssert2(filename != NULL, -1); - -- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), -1); -+ context = xmlSecNssKeysStoreGetCtx( store ) ; -+ xmlSecAssert2( context != NULL, -1 ); - -- ss = xmlSecNssKeysStoreGetSS(store); -- xmlSecAssert2((*ss == NULL), -1); -+ list = context->keyList ; -+ xmlSecAssert2( list != NULL, -1 ); -+ xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecKeyPtrListId), -1); - -- *ss = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId); -- if(*ss == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -+ /* create doc */ -+ doc = xmlSecCreateTree(BAD_CAST "Keys", xmlSecNs); -+ if(doc == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), -- "xmlSecKeyStoreCreate", -+ "xmlSecCreateTree", - XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "xmlSecSimpleKeysStoreId"); -+ XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - -- return(0); --} -- --static void --xmlSecNssKeysStoreFinalize(xmlSecKeyStorePtr store) { -- xmlSecKeyStorePtr *ss; -- -- xmlSecAssert(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId)); -- -- ss = xmlSecNssKeysStoreGetSS(store); -- xmlSecAssert((ss != NULL) && (*ss != NULL)); -- -- xmlSecKeyStoreDestroy(*ss); --} -- --static xmlSecKeyPtr --xmlSecNssKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name, -- xmlSecKeyInfoCtxPtr keyInfoCtx) { -- xmlSecKeyStorePtr* ss; -- xmlSecKeyPtr key = NULL; -- xmlSecKeyPtr retval = NULL; -- xmlSecKeyReqPtr keyReq = NULL; -- CERTCertificate *cert = NULL; -- SECKEYPublicKey *pubkey = NULL; -- SECKEYPrivateKey *privkey = NULL; -- xmlSecKeyDataPtr data = NULL; -- xmlSecKeyDataPtr x509Data = NULL; -- int ret; -- -- xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecNssKeysStoreId), NULL); -- xmlSecAssert2(keyInfoCtx != NULL, NULL); -- -- ss = xmlSecNssKeysStoreGetSS(store); -- xmlSecAssert2(((ss != NULL) && (*ss != NULL)), NULL); -- -- key = xmlSecKeyStoreFindKey(*ss, name, keyInfoCtx); -- if (key != NULL) { -- return (key); -- } -- -- /* Try to find the key in the NSS DB, and construct an xmlSecKey. -- * we must have a name to lookup keys in NSS DB. -- */ -- if (name == NULL) { -- goto done; -- } -+ idsList = xmlSecKeyDataIdsGet(); -+ xmlSecAssert2(idsList != NULL, -1); - -- /* what type of key are we looking for? -- * TBD: For now, we'll look only for public/private keys using the -- * name as a cert nickname. Later on, we can attempt to find -- * symmetric keys using PK11_FindFixedKey -- */ -- keyReq = &(keyInfoCtx->keyReq); -- if (keyReq->keyType & -- (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) { -- cert = CERT_FindCertByNickname (CERT_GetDefaultCertDB(), (char *)name); -- if (cert == NULL) { -- goto done; -- } -+ keysSize = xmlSecPtrListGetSize(list); -+ idsSize = xmlSecPtrListGetSize(idsList); -+ for(i = 0; i < keysSize; ++i) { -+ key = (xmlSecKeyPtr)xmlSecPtrListGetItem(list, i); -+ xmlSecAssert2(key != NULL, -1); - -- if (keyReq->keyType & xmlSecKeyDataTypePublic) { -- pubkey = CERT_ExtractPublicKey(cert); -- if (pubkey == NULL) { -+ cur = xmlSecAddChild(xmlDocGetRootElement(doc), xmlSecNodeKeyInfo, xmlSecDSigNs); -+ if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "CERT_ExtractPublicKey", -- XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- goto done; -- } -+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), -+ "xmlSecAddChild", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ "node=%s", -+ xmlSecErrorsSafeString(xmlSecNodeKeyInfo)); -+ xmlFreeDoc(doc); -+ return(-1); - } - -- if (keyReq->keyType & xmlSecKeyDataTypePrivate) { -- privkey = PK11_FindKeyByAnyCert(cert, NULL); -- if (privkey == NULL) { -+ /* special data key name */ -+ if(xmlSecKeyGetName(key) != NULL) { -+ if(xmlSecAddChild(cur, xmlSecNodeKeyName, xmlSecDSigNs) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "PK11_FindKeyByAnyCert", -- XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- goto done; -+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), -+ "xmlSecAddChild", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ "node=%s", -+ xmlSecErrorsSafeString(xmlSecNodeKeyName)); -+ xmlFreeDoc(doc); -+ return(-1); - } - } - -- data = xmlSecNssPKIAdoptKey(privkey, pubkey); -- if(data == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssPKIAdoptKey", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- goto done; -- } -- privkey = NULL; -- pubkey = NULL; -- -- key = xmlSecKeyCreate(); -- if (key == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecKeyCreate", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- return (NULL); -- } -- -- x509Data = xmlSecKeyDataCreate(xmlSecNssKeyDataX509Id); -- if(x509Data == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecKeyDataCreate", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "transform=%s", -- xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id))); -- goto done; -- } -+ /* create nodes for other keys data */ -+ for(j = 0; j < idsSize; ++j) { -+ dataId = (xmlSecKeyDataId)xmlSecPtrListGetItem(idsList, j); -+ xmlSecAssert2(dataId != xmlSecKeyDataIdUnknown, -1); -+ -+ if(dataId->dataNodeName == NULL) { -+ continue; -+ } -+ -+ data = xmlSecKeyGetData(key, dataId); -+ if(data == NULL) { -+ continue; -+ } - -- ret = xmlSecNssKeyDataX509AdoptKeyCert(x509Data, cert); -- if (ret < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssKeyDataX509AdoptKeyCert", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "data=%s", -- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); -- goto done; -- } -- cert = CERT_DupCertificate(cert); -- if (cert == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "CERT_DupCertificate", -- XMLSEC_ERRORS_R_CRYPTO_FAILED, -- "data=%s", -- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); -- goto done; -+ if(xmlSecAddChild(cur, dataId->dataNodeName, dataId->dataNodeNs) == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), -+ "xmlSecAddChild", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ "node=%s", -+ xmlSecErrorsSafeString(dataId->dataNodeName)); -+ xmlFreeDoc(doc); -+ return(-1); -+ } - } - -- ret = xmlSecNssKeyDataX509AdoptCert(x509Data, cert); -+ ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL); - if (ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssKeyDataX509AdoptCert", -+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), -+ "xmlSecKeyInfoCtxInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "data=%s", -- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); -- goto done; -+ XMLSEC_ERRORS_NO_MESSAGE); -+ xmlFreeDoc(doc); -+ return(-1); - } -- cert = NULL; - -- ret = xmlSecKeySetValue(key, data); -- if (ret < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecKeySetValue", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "data=%s", -- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data))); -- goto done; -- } -- data = NULL; -+ keyInfoCtx.mode = xmlSecKeyInfoModeWrite; -+ keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown; -+ keyInfoCtx.keyReq.keyType = type; -+ keyInfoCtx.keyReq.keyUsage = xmlSecKeyDataUsageAny; - -- ret = xmlSecKeyAdoptData(key, x509Data); -+ /* finally write key in the node */ -+ ret = xmlSecKeyInfoNodeWrite(cur, key, &keyInfoCtx); - if (ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecKeyAdoptData", -+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), -+ "xmlSecKeyInfoNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "data=%s", -- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); -- goto done; -- } -- x509Data = NULL; -+ XMLSEC_ERRORS_NO_MESSAGE); -+ xmlSecKeyInfoCtxFinalize(&keyInfoCtx); -+ xmlFreeDoc(doc); -+ return(-1); -+ } - -- retval = key; -- key = NULL; -+ xmlSecKeyInfoCtxFinalize(&keyInfoCtx); - } - --done: -- if (cert != NULL) { -- CERT_DestroyCertificate(cert); -- } -- if (pubkey != NULL) { -- SECKEY_DestroyPublicKey(pubkey); -- } -- if (privkey != NULL) { -- SECKEY_DestroyPrivateKey(privkey); -- } -- if (data != NULL) { -- xmlSecKeyDataDestroy(data); -- } -- if (x509Data != NULL) { -- xmlSecKeyDataDestroy(x509Data); -- } -- if (key != NULL) { -- xmlSecKeyDestroy(key); -+ /* now write result */ -+ ret = xmlSaveFormatFile(filename, doc, 1); -+ if (ret < 0) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), -+ "xmlSaveFormatFile", -+ XMLSEC_ERRORS_R_XML_FAILED, -+ "filename=%s", -+ xmlSecErrorsSafeString(filename)); -+ xmlFreeDoc(doc); -+ return(-1); - } - -- return (retval); -+ xmlFreeDoc(doc); -+ return(0); - } ---- misc/xmlsec1-1.2.14/src/nss/keywrapers.c 2009-09-21 14:07:19.223802688 +0200 -+++ misc/build/xmlsec1-1.2.14/src/nss/keywrapers.c 2009-09-21 14:02:48.548869372 +0200 -@@ -1 +1,1213 @@ --dummy -+/** -+ * -+ * XMLSec library -+ * -+ * AES Algorithm support -+ * -+ * This is free software; see Copyright file in the source -+ * distribution for preciese wording. -+ * -+ * Copyright ................................. -+ */ -+#include "globals.h" -+ -+#include <stdlib.h> -+#include <stdio.h> -+#include <string.h> -+ -+#include <nss.h> -+#include <pk11func.h> -+#include <hasht.h> -+ -+#include <xmlsec/xmlsec.h> -+#include <xmlsec/xmltree.h> -+#include <xmlsec/keys.h> -+#include <xmlsec/transforms.h> -+#include <xmlsec/errors.h> -+ -+#include <xmlsec/nss/crypto.h> -+#include <xmlsec/nss/ciphers.h> -+ -+#define XMLSEC_NSS_AES128_KEY_SIZE 16 -+#define XMLSEC_NSS_AES192_KEY_SIZE 24 -+#define XMLSEC_NSS_AES256_KEY_SIZE 32 -+#define XMLSEC_NSS_DES3_KEY_SIZE 24 -+#define XMLSEC_NSS_DES3_KEY_LENGTH 24 -+#define XMLSEC_NSS_DES3_IV_LENGTH 8 -+#define XMLSEC_NSS_DES3_BLOCK_LENGTH 8 -+ -+static xmlSecByte xmlSecNssKWDes3Iv[XMLSEC_NSS_DES3_IV_LENGTH] = { -+ 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05 -+}; -+ -+/********************************************************************* -+ * -+ * key wrap transforms -+ * -+ ********************************************************************/ -+typedef struct _xmlSecNssKeyWrapCtx xmlSecNssKeyWrapCtx ; -+typedef struct _xmlSecNssKeyWrapCtx* xmlSecNssKeyWrapCtxPtr ; -+ -+#define xmlSecNssKeyWrapSize \ -+ ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyWrapCtx ) ) -+ -+#define xmlSecNssKeyWrapGetCtx( transform ) \ -+ ( ( xmlSecNssKeyWrapCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) ) -+ -+struct _xmlSecNssKeyWrapCtx { -+ CK_MECHANISM_TYPE cipher ; -+ PK11SymKey* symkey ; -+ xmlSecKeyDataId keyId ; -+ xmlSecBufferPtr material ; /* to be encrypted/decrypted key material */ -+} ; -+ -+static int xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform); -+static void xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform); -+static int xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform, -+ xmlSecKeyReqPtr keyReq); -+static int xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform, -+ xmlSecKeyPtr key); -+static int xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform, -+ int last, -+ xmlSecTransformCtxPtr transformCtx); -+static xmlSecSize xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform); -+ -+static int -+xmlSecNssKeyWrapCheckId( -+ xmlSecTransformPtr transform -+) { -+ #ifndef XMLSEC_NO_DES -+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) { -+ return(1); -+ } -+ #endif /* XMLSEC_NO_DES */ -+ -+ #ifndef XMLSEC_NO_AES -+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes128Id ) || -+ xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes192Id ) || -+ xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes256Id ) ) { -+ -+ return(1); -+ } -+ #endif /* XMLSEC_NO_AES */ -+ -+ return(0); -+} -+ -+static xmlSecSize -+xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform) { -+#ifndef XMLSEC_NO_DES -+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) { -+ return(XMLSEC_NSS_DES3_KEY_SIZE); -+ } else -+#endif /* XMLSEC_NO_DES */ -+ -+#ifndef XMLSEC_NO_AES -+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes128Id)) { -+ return(XMLSEC_NSS_AES128_KEY_SIZE); -+ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes192Id)) { -+ return(XMLSEC_NSS_AES192_KEY_SIZE); -+ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) { -+ return(XMLSEC_NSS_AES256_KEY_SIZE); -+ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) { -+ return(XMLSEC_NSS_AES256_KEY_SIZE); -+ } else -+#endif /* XMLSEC_NO_AES */ -+ -+ if(1) -+ return(0); -+} -+ -+ -+static int -+xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform) { -+ xmlSecNssKeyWrapCtxPtr context ; -+ int ret; -+ -+ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1); -+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1); -+ -+ context = xmlSecNssKeyWrapGetCtx( transform ) ; -+ xmlSecAssert2( context != NULL , -1 ) ; -+ -+ #ifndef XMLSEC_NO_DES -+ if( transform->id == xmlSecNssTransformKWDes3Id ) { -+ context->cipher = CKM_DES3_CBC ; -+ context->keyId = xmlSecNssKeyDataDesId ; -+ } else -+ #endif /* XMLSEC_NO_DES */ -+ -+ #ifndef XMLSEC_NO_AES -+ if( transform->id == xmlSecNssTransformKWAes128Id ) { -+ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/ -+ context->cipher = CKM_AES_CBC ; -+ context->keyId = xmlSecNssKeyDataAesId ; -+ } else -+ if( transform->id == xmlSecNssTransformKWAes192Id ) { -+ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/ -+ context->cipher = CKM_AES_CBC ; -+ context->keyId = xmlSecNssKeyDataAesId ; -+ } else -+ if( transform->id == xmlSecNssTransformKWAes256Id ) { -+ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/ -+ context->cipher = CKM_AES_CBC ; -+ context->keyId = xmlSecNssKeyDataAesId ; -+ } else -+ #endif /* XMLSEC_NO_AES */ -+ -+ -+ if( 1 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), -+ NULL , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ context->symkey = NULL ; -+ context->material = NULL ; -+ -+ return(0); -+} -+ -+static void -+xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform) { -+ xmlSecNssKeyWrapCtxPtr context ; -+ -+ xmlSecAssert(xmlSecNssKeyWrapCheckId(transform)); -+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize)); -+ -+ context = xmlSecNssKeyWrapGetCtx( transform ) ; -+ xmlSecAssert( context != NULL ) ; -+ -+ if( context->symkey != NULL ) { -+ PK11_FreeSymKey( context->symkey ) ; -+ context->symkey = NULL ; -+ } -+ -+ if( context->material != NULL ) { -+ xmlSecBufferDestroy(context->material); -+ context->material = NULL ; -+ } -+} -+ -+static int -+xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) { -+ xmlSecNssKeyWrapCtxPtr context ; -+ xmlSecSize cipherSize = 0 ; -+ -+ -+ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1); -+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1); -+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); -+ xmlSecAssert2(keyReq != NULL, -1); -+ -+ context = xmlSecNssKeyWrapGetCtx( transform ) ; -+ xmlSecAssert2( context != NULL , -1 ) ; -+ -+ keyReq->keyId = context->keyId; -+ keyReq->keyType = xmlSecKeyDataTypeSymmetric; -+ if(transform->operation == xmlSecTransformOperationEncrypt) { -+ keyReq->keyUsage = xmlSecKeyUsageEncrypt; -+ } else { -+ keyReq->keyUsage = xmlSecKeyUsageDecrypt; -+ } -+ -+ keyReq->keyBitsSize = xmlSecNssKeyWrapGetKeySize( transform ) ; -+ -+ return(0); -+} -+ -+static int -+xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { -+ xmlSecNssKeyWrapCtxPtr context = NULL ; -+ xmlSecKeyDataPtr keyData = NULL ; -+ PK11SymKey* symkey = NULL ; -+ -+ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1); -+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1); -+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); -+ xmlSecAssert2(key != NULL, -1); -+ -+ context = xmlSecNssKeyWrapGetCtx( transform ) ; -+ if( context == NULL || context->keyId == NULL || context->symkey != NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ "xmlSecNssKeyWrapGetCtx" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ; -+ -+ keyData = xmlSecKeyGetValue( key ) ; -+ if( keyData == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) , -+ "xmlSecKeyGetValue" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) , -+ "xmlSecNssSymKeyDataGetKey" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ context->symkey = symkey ; -+ -+ return(0) ; -+} -+ -+/** -+ * key wrap transform -+ */ -+static int -+xmlSecNssKeyWrapCtxInit( -+ xmlSecNssKeyWrapCtxPtr ctx , -+ xmlSecBufferPtr in , -+ xmlSecBufferPtr out , -+ int encrypt , -+ xmlSecTransformCtxPtr transformCtx -+) { -+ xmlSecSize blockSize ; -+ -+ xmlSecAssert2( ctx != NULL , -1 ) ; -+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; -+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; -+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; -+ xmlSecAssert2( in != NULL , -1 ) ; -+ xmlSecAssert2( out != NULL , -1 ) ; -+ xmlSecAssert2( transformCtx != NULL , -1 ) ; -+ -+ if( ctx->material != NULL ) { -+ xmlSecBufferDestroy( ctx->material ) ; -+ ctx->material = NULL ; -+ } -+ -+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "PK11_GetBlockSize" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ ctx->material = xmlSecBufferCreate( blockSize ) ; -+ if( ctx->material == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferCreate" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ /* read raw key material into context */ -+ if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferSetData" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferRemoveHead" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ return(0); -+} -+ -+/** -+ * key wrap transform update -+ */ -+static int -+xmlSecNssKeyWrapCtxUpdate( -+ xmlSecNssKeyWrapCtxPtr ctx , -+ xmlSecBufferPtr in , -+ xmlSecBufferPtr out , -+ int encrypt , -+ xmlSecTransformCtxPtr transformCtx -+) { -+ xmlSecAssert2( ctx != NULL , -1 ) ; -+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; -+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; -+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; -+ xmlSecAssert2( ctx->material != NULL , -1 ) ; -+ xmlSecAssert2( in != NULL , -1 ) ; -+ xmlSecAssert2( out != NULL , -1 ) ; -+ xmlSecAssert2( transformCtx != NULL , -1 ) ; -+ -+ /* read raw key material and append into context */ -+ if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferAppend" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferRemoveHead" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ return(0); -+} -+ -+static int -+xmlSecNssKWDes3BufferReverse(xmlSecByte *buf, xmlSecSize size) { -+ xmlSecSize s; -+ xmlSecSize i; -+ xmlSecByte c; -+ -+ xmlSecAssert2(buf != NULL, -1); -+ -+ s = size / 2; -+ --size; -+ for(i = 0; i < s; ++i) { -+ c = buf[i]; -+ buf[i] = buf[size - i]; -+ buf[size - i] = c; -+ } -+ return(0); -+} -+ -+static xmlSecByte * -+xmlSecNssComputeSHA1(const xmlSecByte *in, xmlSecSize inSize, -+ xmlSecByte *out, xmlSecSize outSize) -+{ -+ PK11Context *context = NULL; -+ SECStatus s; -+ xmlSecByte *digest = NULL; -+ unsigned int len; -+ -+ xmlSecAssert2(in != NULL, NULL); -+ xmlSecAssert2(out != NULL, NULL); -+ xmlSecAssert2(outSize >= SHA1_LENGTH, NULL); -+ -+ /* Create a context for hashing (digesting) */ -+ context = PK11_CreateDigestContext(SEC_OID_SHA1); -+ if (context == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "PK11_CreateDigestContext", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ "error code = %d", PORT_GetError()); -+ goto done; -+ } -+ -+ s = PK11_DigestBegin(context); -+ if (s != SECSuccess) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "PK11_DigestBegin", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ "error code = %d", PORT_GetError()); -+ goto done; -+ } -+ -+ s = PK11_DigestOp(context, in, inSize); -+ if (s != SECSuccess) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "PK11_DigestOp", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ "error code = %d", PORT_GetError()); -+ goto done; -+ } -+ -+ s = PK11_DigestFinal(context, out, &len, outSize); -+ if (s != SECSuccess) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "PK11_DigestFinal", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ "error code = %d", PORT_GetError()); -+ goto done; -+ } -+ xmlSecAssert2(len == SHA1_LENGTH, NULL); -+ -+ digest = out; -+ -+done: -+ if (context != NULL) { -+ PK11_DestroyContext(context, PR_TRUE); -+ } -+ return (digest); -+} -+ -+static int -+xmlSecNssKWDes3Encrypt( -+ PK11SymKey* symKey , -+ CK_MECHANISM_TYPE cipherMech , -+ const xmlSecByte* iv , -+ xmlSecSize ivSize , -+ const xmlSecByte* in , -+ xmlSecSize inSize , -+ xmlSecByte* out , -+ xmlSecSize outSize , -+ int enc -+) { -+ PK11Context* EncContext = NULL; -+ SECItem ivItem ; -+ SECItem* secParam = NULL ; -+ int tmp1_outlen; -+ unsigned int tmp2_outlen; -+ int result_len = -1; -+ SECStatus rv; -+ -+ xmlSecAssert2( cipherMech != CKM_INVALID_MECHANISM , -1 ) ; -+ xmlSecAssert2( symKey != NULL , -1 ) ; -+ xmlSecAssert2(iv != NULL, -1); -+ xmlSecAssert2(ivSize == XMLSEC_NSS_DES3_IV_LENGTH, -1); -+ xmlSecAssert2(in != NULL, -1); -+ xmlSecAssert2(inSize > 0, -1); -+ xmlSecAssert2(out != NULL, -1); -+ xmlSecAssert2(outSize >= inSize, -1); -+ -+ /* Prepare IV */ -+ ivItem.data = ( unsigned char* )iv ; -+ ivItem.len = ivSize ; -+ -+ secParam = PK11_ParamFromIV(cipherMech, &ivItem); -+ if (secParam == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "PK11_ParamFromIV", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ "Error code = %d", PORT_GetError()); -+ goto done; -+ } -+ -+ EncContext = PK11_CreateContextBySymKey(cipherMech, -+ enc ? CKA_ENCRYPT : CKA_DECRYPT, -+ symKey, secParam); -+ if (EncContext == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "PK11_CreateContextBySymKey", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ "Error code = %d", PORT_GetError()); -+ goto done; -+ } -+ -+ tmp1_outlen = tmp2_outlen = 0; -+ rv = PK11_CipherOp(EncContext, out, &tmp1_outlen, outSize, -+ (unsigned char *)in, inSize); -+ if (rv != SECSuccess) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "PK11_CipherOp", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ "Error code = %d", PORT_GetError()); -+ goto done; -+ } -+ -+ rv = PK11_DigestFinal(EncContext, out+tmp1_outlen, -+ &tmp2_outlen, outSize-tmp1_outlen); -+ if (rv != SECSuccess) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "PK11_DigestFinal", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ "Error code = %d", PORT_GetError()); -+ goto done; -+ } -+ -+ result_len = tmp1_outlen + tmp2_outlen; -+ -+done: -+ if (secParam) { -+ SECITEM_FreeItem(secParam, PR_TRUE); -+ } -+ if (EncContext) { -+ PK11_DestroyContext(EncContext, PR_TRUE); -+ } -+ -+ return(result_len); -+} -+ -+static int -+xmlSecNssKeyWrapDesOp( -+ xmlSecNssKeyWrapCtxPtr ctx , -+ int encrypt , -+ xmlSecBufferPtr result -+) { -+ xmlSecByte sha1[SHA1_LENGTH]; -+ xmlSecByte iv[XMLSEC_NSS_DES3_IV_LENGTH]; -+ xmlSecByte* in; -+ xmlSecSize inSize; -+ xmlSecByte* out; -+ xmlSecSize outSize; -+ xmlSecSize s; -+ int ret; -+ SECStatus status; -+ -+ xmlSecAssert2( ctx != NULL , -1 ) ; -+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; -+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; -+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; -+ xmlSecAssert2( ctx->material != NULL , -1 ) ; -+ xmlSecAssert2( result != NULL , -1 ) ; -+ -+ in = xmlSecBufferGetData(ctx->material); -+ inSize = xmlSecBufferGetSize(ctx->material) ; -+ out = xmlSecBufferGetData(result); -+ outSize = xmlSecBufferGetMaxSize(result) ; -+ if( encrypt ) { -+ /* step 2: calculate sha1 and CMS */ -+ if(xmlSecNssComputeSHA1(in, inSize, sha1, SHA1_LENGTH) == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecNssComputeSHA1", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } -+ -+ /* step 3: construct WKCKS */ -+ memcpy(out, in, inSize); -+ memcpy(out + inSize, sha1, XMLSEC_NSS_DES3_BLOCK_LENGTH); -+ -+ /* step 4: generate random iv */ -+ status = PK11_GenerateRandom(iv, XMLSEC_NSS_DES3_IV_LENGTH); -+ if(status != SECSuccess) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "PK11_GenerateRandom", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ "error code = %d", PORT_GetError()); -+ return(-1); -+ } -+ -+ /* step 5: first encryption, result is TEMP1 */ -+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, -+ iv, XMLSEC_NSS_DES3_IV_LENGTH, -+ out, inSize + XMLSEC_NSS_DES3_IV_LENGTH, -+ out, outSize, 1); -+ if(ret < 0) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecNssKWDes3Encrypt", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } -+ -+ /* step 6: construct TEMP2=IV || TEMP1 */ -+ memmove(out + XMLSEC_NSS_DES3_IV_LENGTH, out, -+ inSize + XMLSEC_NSS_DES3_IV_LENGTH); -+ memcpy(out, iv, XMLSEC_NSS_DES3_IV_LENGTH); -+ s = ret + XMLSEC_NSS_DES3_IV_LENGTH; -+ -+ /* step 7: reverse octets order, result is TEMP3 */ -+ ret = xmlSecNssKWDes3BufferReverse(out, s); -+ if(ret < 0) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecNssKWDes3BufferReverse", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } -+ -+ /* step 8: second encryption with static IV */ -+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, -+ xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH, -+ out, s, -+ out, outSize, 1); -+ if(ret < 0) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecNssKWDes3Encrypt", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } -+ s = ret; -+ -+ if( xmlSecBufferSetSize( result , s ) < 0 ) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecBufferSetSize", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } -+ } else { -+ /* step 2: first decryption with static IV, result is TEMP3 */ -+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, -+ xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH, -+ in, inSize, -+ out, outSize, 0); -+ if((ret < 0) || (ret < XMLSEC_NSS_DES3_IV_LENGTH)) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecNssKWDes3Encrypt", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } -+ s = ret; -+ -+ /* step 3: reverse octets order in TEMP3, result is TEMP2 */ -+ ret = xmlSecNssKWDes3BufferReverse(out, s); -+ if(ret < 0) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecNssKWDes3BufferReverse", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } -+ -+ /* steps 4 and 5: get IV and decrypt second time, result is WKCKS */ -+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher, -+ out, XMLSEC_NSS_DES3_IV_LENGTH, -+ out+XMLSEC_NSS_DES3_IV_LENGTH, s-XMLSEC_NSS_DES3_IV_LENGTH, -+ out, outSize, 0); -+ if((ret < 0) || (ret < XMLSEC_NSS_DES3_BLOCK_LENGTH)) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecNssKWDes3Encrypt", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } -+ s = ret - XMLSEC_NSS_DES3_IV_LENGTH; -+ -+ /* steps 6 and 7: calculate SHA1 and validate it */ -+ if(xmlSecNssComputeSHA1(out, s, sha1, SHA1_LENGTH) == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecNssComputeSHA1", -+ XMLSEC_ERRORS_R_CRYPTO_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } -+ -+ if(memcmp(sha1, out + s, XMLSEC_NSS_DES3_BLOCK_LENGTH) != 0) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ NULL, -+ XMLSEC_ERRORS_R_INVALID_DATA, -+ "SHA1 does not match"); -+ return(-1); -+ } -+ -+ if( xmlSecBufferSetSize( result , s ) < 0 ) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecBufferSetSize", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } -+ } -+ -+ return(0); -+} -+ -+static int -+xmlSecNssKeyWrapAesOp( -+ xmlSecNssKeyWrapCtxPtr ctx , -+ int encrypt , -+ xmlSecBufferPtr result -+) { -+ PK11Context* cipherCtx = NULL; -+ SECItem ivItem ; -+ SECItem* secParam = NULL ; -+ xmlSecSize inSize ; -+ xmlSecSize inBlocks ; -+ int blockSize ; -+ int midSize ; -+ int finSize ; -+ xmlSecByte* out ; -+ xmlSecSize outSize; -+ -+ xmlSecAssert2( ctx != NULL , -1 ) ; -+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; -+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; -+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; -+ xmlSecAssert2( ctx->material != NULL , -1 ) ; -+ xmlSecAssert2( result != NULL , -1 ) ; -+ -+ /* Do not set any IV */ -+ memset(&ivItem, 0, sizeof(ivItem)); -+ -+ /* Get block size */ -+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "PK11_GetBlockSize" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ inSize = xmlSecBufferGetSize( ctx->material ) ; -+ if( xmlSecBufferSetMaxSize( result , inSize + blockSize ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferSetMaxSize" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ /* Get Param for context initialization */ -+ if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "PK11_ParamFromIV" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ cipherCtx = PK11_CreateContextBySymKey( ctx->cipher , encrypt ? CKA_ENCRYPT : CKA_DECRYPT , ctx->symkey , secParam ) ; -+ if( cipherCtx == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "PK11_CreateContextBySymKey" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ SECITEM_FreeItem( secParam , PR_TRUE ) ; -+ return(-1); -+ } -+ -+ out = xmlSecBufferGetData(result) ; -+ outSize = xmlSecBufferGetMaxSize(result) ; -+ if( PK11_CipherOp( cipherCtx , out, &midSize , outSize , xmlSecBufferGetData( ctx->material ) , inSize ) != SECSuccess ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "PK11_CipherOp" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ if( PK11_DigestFinal( cipherCtx , out + midSize , &finSize , outSize - midSize ) != SECSuccess ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "PK11_DigestFinal" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ if( xmlSecBufferSetSize( result , midSize + finSize ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferSetSize" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ return 0 ; -+} -+ -+/** -+ * Block cipher transform final -+ */ -+static int -+xmlSecNssKeyWrapCtxFinal( -+ xmlSecNssKeyWrapCtxPtr ctx , -+ xmlSecBufferPtr in , -+ xmlSecBufferPtr out , -+ int encrypt , -+ xmlSecTransformCtxPtr transformCtx -+) { -+ PK11SymKey* targetKey ; -+ xmlSecSize blockSize ; -+ xmlSecBufferPtr result ; -+ -+ xmlSecAssert2( ctx != NULL , -1 ) ; -+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; -+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ; -+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ; -+ xmlSecAssert2( ctx->material != NULL , -1 ) ; -+ xmlSecAssert2( in != NULL , -1 ) ; -+ xmlSecAssert2( out != NULL , -1 ) ; -+ xmlSecAssert2( transformCtx != NULL , -1 ) ; -+ -+ /* read raw key material and append into context */ -+ if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferAppend" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferRemoveHead" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ /* Now we get all of the key materail */ -+ /* from now on we will wrap or unwrap the key */ -+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "PK11_GetBlockSize" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ result = xmlSecBufferCreate( blockSize ) ; -+ if( result == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferCreate" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ switch( ctx->cipher ) { -+ case CKM_DES3_CBC : -+ if( xmlSecNssKeyWrapDesOp(ctx, encrypt, result) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecNssKeyWrapDesOp" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecBufferDestroy(result); -+ return(-1); -+ } -+ break ; -+ /* case CKM_NETSCAPE_AES_KEY_WRAP :*/ -+ case CKM_AES_CBC : -+ if( xmlSecNssKeyWrapAesOp(ctx, encrypt, result) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecNssKeyWrapAesOp" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecBufferDestroy(result); -+ return(-1); -+ } -+ break ; -+ } -+ -+ /* Write output */ -+ if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecBufferAppend" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecBufferDestroy(result); -+ return(-1); -+ } -+ xmlSecBufferDestroy(result); -+ -+ return(0); -+} -+ -+static int -+xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { -+ xmlSecNssKeyWrapCtxPtr context = NULL ; -+ xmlSecBufferPtr inBuf, outBuf ; -+ int operation ; -+ int rtv ; -+ -+ xmlSecAssert2( xmlSecNssKeyWrapCheckId( transform ), -1 ) ; -+ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyWrapSize ), -1 ) ; -+ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; -+ xmlSecAssert2( transformCtx != NULL , -1 ) ; -+ -+ context = xmlSecNssKeyWrapGetCtx( transform ) ; -+ if( context == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ "xmlSecNssKeyWrapGetCtx" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ inBuf = &( transform->inBuf ) ; -+ outBuf = &( transform->outBuf ) ; -+ -+ if( transform->status == xmlSecTransformStatusNone ) { -+ transform->status = xmlSecTransformStatusWorking ; -+ } -+ -+ operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ; -+ if( transform->status == xmlSecTransformStatusWorking ) { -+ if( context->material == NULL ) { -+ rtv = xmlSecNssKeyWrapCtxInit( context, inBuf , outBuf , operation , transformCtx ) ; -+ if( rtv < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ "xmlSecNssKeyWrapCtxInit" , -+ XMLSEC_ERRORS_R_INVALID_STATUS , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ } -+ -+ if( context->material == NULL && last != 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ NULL , -+ XMLSEC_ERRORS_R_INVALID_STATUS , -+ "No enough data to intialize transform" ) ; -+ return(-1); -+ } -+ -+ if( context->material != NULL ) { -+ rtv = xmlSecNssKeyWrapCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ; -+ if( rtv < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ "xmlSecNssKeyWrapCtxUpdate" , -+ XMLSEC_ERRORS_R_INVALID_STATUS , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ } -+ -+ if( last ) { -+ rtv = xmlSecNssKeyWrapCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ; -+ if( rtv < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ "xmlSecNssKeyWrapCtxFinal" , -+ XMLSEC_ERRORS_R_INVALID_STATUS , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ transform->status = xmlSecTransformStatusFinished ; -+ } -+ } else if( transform->status == xmlSecTransformStatusFinished ) { -+ if( xmlSecBufferGetSize( inBuf ) != 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ NULL , -+ XMLSEC_ERRORS_R_INVALID_STATUS , -+ "status=%d", transform->status ) ; -+ return(-1); -+ } -+ } else { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , -+ NULL , -+ XMLSEC_ERRORS_R_INVALID_STATUS , -+ "status=%d", transform->status ) ; -+ return(-1); -+ } -+ -+ return(0); -+} -+ -+#ifndef XMLSEC_NO_AES -+ -+ -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecTransformKlass xmlSecNssKWAes128Klass = { -+#else -+static xmlSecTransformKlass xmlSecNssKWAes128Klass = { -+#endif -+ /* klass/object sizes */ -+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ -+ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ -+ -+ xmlSecNameKWAes128, /* const xmlChar* name; */ -+ xmlSecHrefKWAes128, /* const xmlChar* href; */ -+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ -+ -+ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ -+ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ -+ NULL, /* xmlSecTransformNodeReadMethod readNode; */ -+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ -+ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ -+ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ -+ NULL, /* xmlSecTransformValidateMethod validate; */ -+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ -+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ -+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ -+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ -+ NULL, /* xmlSecTransformPopXmlMethod popXml; */ -+ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ -+ -+ NULL, /* void* reserved0; */ -+ NULL, /* void* reserved1; */ -+}; -+ -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecTransformKlass xmlSecNssKWAes192Klass = { -+#else -+static xmlSecTransformKlass xmlSecNssKWAes192Klass = { -+#endif -+ /* klass/object sizes */ -+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ -+ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ -+ -+ xmlSecNameKWAes192, /* const xmlChar* name; */ -+ xmlSecHrefKWAes192, /* const xmlChar* href; */ -+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ -+ -+ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ -+ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ -+ NULL, /* xmlSecTransformNodeReadMethod readNode; */ -+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ -+ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ -+ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ -+ NULL, /* xmlSecTransformValidateMethod validate; */ -+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ -+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ -+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ -+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ -+ NULL, /* xmlSecTransformPopXmlMethod popXml; */ -+ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ -+ -+ NULL, /* void* reserved0; */ -+ NULL, /* void* reserved1; */ -+}; -+ -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecTransformKlass xmlSecNssKWAes256Klass = { -+#else -+static xmlSecTransformKlass xmlSecNssKWAes256Klass = { -+#endif -+ /* klass/object sizes */ -+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ -+ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ -+ -+ xmlSecNameKWAes256, /* const xmlChar* name; */ -+ xmlSecHrefKWAes256, /* const xmlChar* href; */ -+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ -+ -+ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ -+ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ -+ NULL, /* xmlSecTransformNodeReadMethod readNode; */ -+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ -+ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ -+ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ -+ NULL, /* xmlSecTransformValidateMethod validate; */ -+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ -+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ -+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ -+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ -+ NULL, /* xmlSecTransformPopXmlMethod popXml; */ -+ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ -+ -+ NULL, /* void* reserved0; */ -+ NULL, /* void* reserved1; */ -+}; -+ -+/** -+ * xmlSecNssTransformKWAes128GetKlass: -+ * -+ * The AES-128 key wrapper transform klass. -+ * -+ * Returns AES-128 key wrapper transform klass. -+ */ -+xmlSecTransformId -+xmlSecNssTransformKWAes128GetKlass(void) { -+ return(&xmlSecNssKWAes128Klass); -+} -+ -+/** -+ * xmlSecNssTransformKWAes192GetKlass: -+ * -+ * The AES-192 key wrapper transform klass. -+ * -+ * Returns AES-192 key wrapper transform klass. -+ */ -+xmlSecTransformId -+xmlSecNssTransformKWAes192GetKlass(void) { -+ return(&xmlSecNssKWAes192Klass); -+} -+ -+/** -+ * -+ * The AES-256 key wrapper transform klass. -+ * -+ * Returns AES-256 key wrapper transform klass. -+ */ -+xmlSecTransformId -+xmlSecNssTransformKWAes256GetKlass(void) { -+ return(&xmlSecNssKWAes256Klass); -+} -+ -+#endif /* XMLSEC_NO_AES */ -+ -+ -+#ifndef XMLSEC_NO_DES -+ -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecTransformKlass xmlSecNssKWDes3Klass = { -+#else -+static xmlSecTransformKlass xmlSecNssKWDes3Klass = { -+#endif -+ /* klass/object sizes */ -+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ -+ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */ -+ -+ xmlSecNameKWDes3, /* const xmlChar* name; */ -+ xmlSecHrefKWDes3, /* const xmlChar* href; */ -+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ -+ -+ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */ -+ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */ -+ NULL, /* xmlSecTransformNodeReadMethod readNode; */ -+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ -+ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ -+ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */ -+ NULL, /* xmlSecTransformValidateMethod validate; */ -+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ -+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ -+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ -+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */ -+ NULL, /* xmlSecTransformPopXmlMethod popXml; */ -+ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */ -+ -+ NULL, /* void* reserved0; */ -+ NULL, /* void* reserved1; */ -+}; -+ -+/** -+ * xmlSecNssTransformKWDes3GetKlass: -+ * -+ * The Triple DES key wrapper transform klass. -+ * -+ * Returns Triple DES key wrapper transform klass. -+ */ -+xmlSecTransformId -+xmlSecNssTransformKWDes3GetKlass(void) { -+ return(&xmlSecNssKWDes3Klass); -+} -+ -+#endif /* XMLSEC_NO_DES */ -+ ---- misc/xmlsec1-1.2.14/src/nss/pkikeys.c 2009-06-25 22:53:18.000000000 +0200 -+++ misc/build/xmlsec1-1.2.14/src/nss/pkikeys.c 2009-09-21 14:02:48.657352624 +0200 -@@ -24,6 +24,7 @@ - #include <xmlsec/nss/crypto.h> - #include <xmlsec/nss/bignum.h> - #include <xmlsec/nss/pkikeys.h> -+#include <xmlsec/nss/tokens.h> - - /************************************************************************** - * -@@ -115,6 +116,8 @@ - xmlSecNssPKIKeyDataCtxPtr ctxSrc) - { - xmlSecNSSPKIKeyDataCtxFree(ctxDst); -+ ctxDst->privkey = NULL ; -+ ctxDst->pubkey = NULL ; - if (ctxSrc->privkey != NULL) { - ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey); - if(ctxDst->privkey == NULL) { -@@ -588,13 +591,13 @@ - goto done; - } - -- slot = PK11_GetBestSlot(CKM_DSA, NULL); -+ slot = xmlSecNssSlotGet(CKM_DSA); - if(slot == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -- "PK11_GetBestSlot", -+ "xmlSecNssSlotGet", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - ret = -1; - goto done; - } -@@ -792,14 +795,14 @@ - if (slot != NULL) { - PK11_FreeSlot(slot); - } -- if (ret != 0) { -+ - if (pubkey != NULL) { - SECKEY_DestroyPublicKey(pubkey); - } - if (data != NULL) { - xmlSecKeyDataDestroy(data); - } -- } -+ - return(ret); - } - -@@ -818,7 +821,7 @@ - - ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key)); - xmlSecAssert2(ctx != NULL, -1); -- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1); -+/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/ - - if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) { - /* we can have only private key or public key */ -@@ -940,7 +943,8 @@ - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "PK11_PQG_ParamGen", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- "size=%d", sizeBits); -+ "size=%d, error code=%d", sizeBits, PORT_GetError()); -+ ret = -1; - goto done; - } - -@@ -950,11 +954,12 @@ - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "PK11_PQG_VerifyParams", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- "size=%d", sizeBits); -+ "size=%d, error code=%d", sizeBits, PORT_GetError()); -+ ret = -1; - goto done; - } - -- slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL); -+ slot = xmlSecNssSlotGet(CKM_DSA_KEY_PAIR_GEN); - PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */); - privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams, - &pubkey, PR_FALSE, PR_TRUE, NULL); -@@ -964,8 +969,9 @@ - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "PK11_GenerateKeyPair", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - -+ ret = -1; - goto done; - } - -@@ -979,6 +985,8 @@ - goto done; - } - -+ privkey = NULL ; -+ pubkey = NULL ; - ret = 0; - - done: -@@ -991,16 +999,13 @@ - if (pqgVerify != NULL) { - PK11_PQG_DestroyVerify(pqgVerify); - } -- if (ret == 0) { -- return (0); -- } - if (pubkey != NULL) { - SECKEY_DestroyPublicKey(pubkey); - } - if (privkey != NULL) { - SECKEY_DestroyPrivateKey(privkey); - } -- return(-1); -+ return(ret); - } - - static xmlSecKeyDataType -@@ -1010,10 +1015,10 @@ - xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), xmlSecKeyDataTypeUnknown); - ctx = xmlSecNssPKIKeyDataGetCtx(data); - xmlSecAssert2(ctx != NULL, -1); -- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1); -+/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/ - if (ctx->privkey != NULL) { - return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic); -- } else { -+ } else if( ctx->pubkey != NULL ) { - return(xmlSecKeyDataTypePublic); - } - -@@ -1027,7 +1032,7 @@ - xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDsaId), 0); - ctx = xmlSecNssPKIKeyDataGetCtx(data); - xmlSecAssert2(ctx != NULL, -1); -- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1); -+/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == dsaKey, -1);*/ - - return(8 * SECKEY_PublicKeyStrength(ctx->pubkey)); - } -@@ -1216,13 +1221,13 @@ - goto done; - } - -- slot = PK11_GetBestSlot(CKM_RSA_PKCS, NULL); -+ slot = xmlSecNssSlotGet(CKM_RSA_PKCS); - if(slot == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -- "PK11_GetBestSlot", -+ "xmlSecNssSlotGet", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - ret = -1; - goto done; - } -@@ -1384,7 +1389,7 @@ - - ctx = xmlSecNssPKIKeyDataGetCtx(xmlSecKeyGetValue(key)); - xmlSecAssert2(ctx != NULL, -1); -- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1); -+/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/ - - - if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) { -@@ -1455,7 +1460,7 @@ - params.keySizeInBits = sizeBits; - params.pe = 65537; - -- slot = PK11_GetBestSlot(CKM_RSA_PKCS_KEY_PAIR_GEN, NULL); -+ slot = xmlSecNssSlotGet(CKM_RSA_PKCS_KEY_PAIR_GEN); - PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */); - privkey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, ¶ms, - &pubkey, PR_FALSE, PR_TRUE, NULL); -@@ -1525,7 +1530,7 @@ - - ctx = xmlSecNssPKIKeyDataGetCtx(data); - xmlSecAssert2(ctx != NULL, -1); -- xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1); -+/* xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == rsaKey, -1);*/ - - return(8 * SECKEY_PublicKeyStrength(ctx->pubkey)); - } ---- misc/xmlsec1-1.2.14/src/nss/symkeys.c 2009-06-25 22:53:18.000000000 +0200 -+++ misc/build/xmlsec1-1.2.14/src/nss/symkeys.c 2009-09-21 14:02:48.620574832 +0200 -@@ -15,20 +15,41 @@ - #include <stdio.h> - #include <string.h> - -+#include <pk11func.h> -+#include <nss.h> -+ - #include <xmlsec/xmlsec.h> - #include <xmlsec/xmltree.h> -+#include <xmlsec/base64.h> - #include <xmlsec/keys.h> - #include <xmlsec/keyinfo.h> - #include <xmlsec/transforms.h> - #include <xmlsec/errors.h> - - #include <xmlsec/nss/crypto.h> -+#include <xmlsec/nss/ciphers.h> -+#include <xmlsec/nss/tokens.h> - - /***************************************************************************** - * -- * Symmetic (binary) keys - just a wrapper for xmlSecKeyDataBinary -+ * Symmetic (binary) keys - a wrapper over slot information and PK11SymKey - * - ****************************************************************************/ -+typedef struct _xmlSecNssSymKeyDataCtx xmlSecNssSymKeyDataCtx ; -+typedef struct _xmlSecNssSymKeyDataCtx* xmlSecNssSymKeyDataCtxPtr ; -+ -+struct _xmlSecNssSymKeyDataCtx { -+ CK_MECHANISM_TYPE cipher ; /* the symmetic key mechanism */ -+ PK11SlotInfo* slot ; /* the key resident slot */ -+ PK11SymKey* symkey ; /* the symmetic key */ -+} ; -+ -+#define xmlSecNssSymKeyDataSize \ -+ ( sizeof( xmlSecKeyData ) + sizeof( xmlSecNssSymKeyDataCtx ) ) -+ -+#define xmlSecNssSymKeyDataGetCtx( data ) \ -+ ( ( xmlSecNssSymKeyDataCtxPtr )( ( ( xmlSecByte* )( data ) ) + sizeof( xmlSecKeyData ) ) ) -+ - static int xmlSecNssSymKeyDataInitialize (xmlSecKeyDataPtr data); - static int xmlSecNssSymKeyDataDuplicate (xmlSecKeyDataPtr dst, - xmlSecKeyDataPtr src); -@@ -67,107 +88,743 @@ - (xmlSecKeyDataIsValid((data)) && \ - xmlSecNssSymKeyDataKlassCheck((data)->id)) - -+/** -+ * xmlSecNssSymKeyDataAdoptKey: -+ * @data: the pointer to symmetric key data. -+ * @symkey: the symmetric key -+ * -+ * Set the value of symmetric key data. -+ * -+ * Returns 0 on success or a negative value if an error occurs. -+ */ -+int -+xmlSecNssSymKeyDataAdoptKey( -+ xmlSecKeyDataPtr data , -+ PK11SymKey* symkey -+) { -+ xmlSecNssSymKeyDataCtxPtr context = NULL ; -+ -+ xmlSecAssert2( xmlSecNssSymKeyDataCheckId( data ), -1 ) ; -+ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), -1 ) ; -+ xmlSecAssert2( symkey != NULL, -1 ) ; -+ -+ context = xmlSecNssSymKeyDataGetCtx( data ) ; -+ xmlSecAssert2(context != NULL, -1); -+ -+ context->cipher = PK11_GetMechanism( symkey ) ; -+ -+ if( context->slot != NULL ) { -+ PK11_FreeSlot( context->slot ) ; -+ context->slot = NULL ; -+ } -+ context->slot = PK11_GetSlotFromKey( symkey ) ; -+ -+ if( context->symkey != NULL ) { -+ PK11_FreeSymKey( context->symkey ) ; -+ context->symkey = NULL ; -+ } -+ context->symkey = PK11_ReferenceSymKey( symkey ) ; -+ -+ return 0 ; -+} -+ -+xmlSecKeyDataPtr xmlSecNssSymKeyDataKeyAdopt( -+ PK11SymKey* symKey -+) { -+ xmlSecKeyDataPtr data = NULL ; -+ CK_MECHANISM_TYPE mechanism = CKM_INVALID_MECHANISM ; -+ -+ xmlSecAssert2( symKey != NULL , NULL ) ; -+ -+ mechanism = PK11_GetMechanism( symKey ) ; -+ switch( mechanism ) { -+ case CKM_DES3_KEY_GEN : -+ case CKM_DES3_CBC : -+ case CKM_DES3_MAC : -+ data = xmlSecKeyDataCreate( xmlSecNssKeyDataDesId ) ; -+ if( data == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecKeyDataCreate" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ "xmlSecNssKeyDataDesId" ) ; -+ return NULL ; -+ } -+ break ; -+ case CKM_AES_KEY_GEN : -+ case CKM_AES_CBC : -+ case CKM_AES_MAC : -+ data = xmlSecKeyDataCreate( xmlSecNssKeyDataAesId ) ; -+ if( data == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecKeyDataCreate" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ "xmlSecNssKeyDataDesId" ) ; -+ return NULL ; -+ } -+ break ; -+ default : -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ "Unsupported mechanism" ) ; -+ return NULL ; -+ } -+ -+ if( xmlSecNssSymKeyDataAdoptKey( data , symKey ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ "xmlSecNssSymKeyDataAdoptKey" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ xmlSecKeyDataDestroy( data ) ; -+ return NULL ; -+ } -+ -+ return data ; -+} -+ -+ -+PK11SymKey* -+xmlSecNssSymKeyDataGetKey( -+ xmlSecKeyDataPtr data -+) { -+ xmlSecNssSymKeyDataCtxPtr ctx; -+ PK11SymKey* symkey ; -+ -+ xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), NULL); -+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), NULL); -+ -+ ctx = xmlSecNssSymKeyDataGetCtx(data); -+ xmlSecAssert2(ctx != NULL, NULL); -+ -+ if( ctx->symkey != NULL ) { -+ symkey = PK11_ReferenceSymKey( ctx->symkey ) ; -+ } else { -+ symkey = NULL ; -+ } -+ -+ return(symkey); -+} -+ - static int - xmlSecNssSymKeyDataInitialize(xmlSecKeyDataPtr data) { -+ xmlSecNssSymKeyDataCtxPtr ctx; -+ - xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1); -- -- return(xmlSecKeyDataBinaryValueInitialize(data)); -+ xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize), -1); -+ -+ ctx = xmlSecNssSymKeyDataGetCtx(data); -+ xmlSecAssert2(ctx != NULL, -1); -+ -+ memset( ctx, 0, sizeof(xmlSecNssSymKeyDataCtx)); -+ -+ /* Set the block cipher mechanism */ -+#ifndef XMLSEC_NO_DES -+ if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) { -+ ctx->cipher = CKM_DES3_KEY_GEN; -+ } else -+#endif /* XMLSEC_NO_DES */ -+ -+#ifndef XMLSEC_NO_AES -+ if(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataDesId)) { -+ ctx->cipher = CKM_AES_KEY_GEN; -+ } else -+#endif /* XMLSEC_NO_AES */ -+ -+ if(1) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), -+ NULL , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ "Unsupported block cipher" ) ; -+ return(-1) ; -+ } -+ -+ return(0); - } - - static int - xmlSecNssSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { -+ xmlSecNssSymKeyDataCtxPtr ctxDst; -+ xmlSecNssSymKeyDataCtxPtr ctxSrc; -+ - xmlSecAssert2(xmlSecNssSymKeyDataCheckId(dst), -1); -+ xmlSecAssert2(xmlSecKeyDataCheckSize(dst, xmlSecNssSymKeyDataSize), -1); - xmlSecAssert2(xmlSecNssSymKeyDataCheckId(src), -1); -+ xmlSecAssert2(xmlSecKeyDataCheckSize(src, xmlSecNssSymKeyDataSize), -1); - xmlSecAssert2(dst->id == src->id, -1); -- -- return(xmlSecKeyDataBinaryValueDuplicate(dst, src)); -+ -+ ctxDst = xmlSecNssSymKeyDataGetCtx(dst); -+ xmlSecAssert2(ctxDst != NULL, -1); -+ -+ ctxSrc = xmlSecNssSymKeyDataGetCtx(src); -+ xmlSecAssert2(ctxSrc != NULL, -1); -+ -+ ctxDst->cipher = ctxSrc->cipher ; -+ -+ if( ctxSrc->slot != NULL ) { -+ if( ctxDst->slot != NULL && ctxDst->slot != ctxSrc->slot ) { -+ PK11_FreeSlot( ctxDst->slot ) ; -+ ctxDst->slot = NULL ; -+ } -+ -+ if( ctxDst->slot == NULL && ctxSrc->slot != NULL ) -+ ctxDst->slot = PK11_ReferenceSlot( ctxSrc->slot ) ; -+ } else { -+ if( ctxDst->slot != NULL ) { -+ PK11_FreeSlot( ctxDst->slot ) ; -+ ctxDst->slot = NULL ; -+ } -+ } -+ -+ if( ctxSrc->symkey != NULL ) { -+ if( ctxDst->symkey != NULL && ctxDst->symkey != ctxSrc->symkey ) { -+ PK11_FreeSymKey( ctxDst->symkey ) ; -+ ctxDst->symkey = NULL ; -+ } -+ -+ if( ctxDst->symkey == NULL && ctxSrc->symkey != NULL ) -+ ctxDst->symkey = PK11_ReferenceSymKey( ctxSrc->symkey ) ; -+ } else { -+ if( ctxDst->symkey != NULL ) { -+ PK11_FreeSymKey( ctxDst->symkey ) ; -+ ctxDst->symkey = NULL ; -+ } -+ } -+ -+ return(0); - } - - static void - xmlSecNssSymKeyDataFinalize(xmlSecKeyDataPtr data) { -+ xmlSecNssSymKeyDataCtxPtr ctx; -+ - xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); -- -- xmlSecKeyDataBinaryValueFinalize(data); -+ xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecNssSymKeyDataSize)); -+ -+ ctx = xmlSecNssSymKeyDataGetCtx(data); -+ xmlSecAssert(ctx != NULL); -+ -+ if( ctx->slot != NULL ) { -+ PK11_FreeSlot( ctx->slot ) ; -+ ctx->slot = NULL ; -+ } -+ -+ if( ctx->symkey != NULL ) { -+ PK11_FreeSymKey( ctx->symkey ) ; -+ ctx->symkey = NULL ; -+ } -+ -+ ctx->cipher = CKM_INVALID_MECHANISM ; - } - - static int - xmlSecNssSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, - xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { -- xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); -+ PK11SymKey* symKey ; -+ PK11SlotInfo* slot ; -+ xmlSecBufferPtr keyBuf; -+ xmlSecSize len; -+ xmlSecKeyDataPtr data; -+ xmlSecNssSymKeyDataCtxPtr ctx; -+ SECItem keyItem ; -+ int ret; -+ -+ xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1); -+ xmlSecAssert2(key != NULL, -1); -+ xmlSecAssert2(node != NULL, -1); -+ xmlSecAssert2(keyInfoCtx != NULL, -1); -+ -+ /* Create a new KeyData from a id */ -+ data = xmlSecKeyDataCreate(id); -+ if(data == NULL ) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "xmlSecKeyDataCreate", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } -+ -+ ctx = xmlSecNssSymKeyDataGetCtx(data); -+ xmlSecAssert2(ctx != NULL, -1); -+ -+ /* Create a buffer for raw symmetric key value */ -+ if( ( keyBuf = xmlSecBufferCreate( 128 ) ) == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "xmlSecBufferCreate" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecKeyDataDestroy( data ) ; -+ return(-1) ; -+ } -+ -+ /* Read the raw key value */ -+ if( xmlSecBufferBase64NodeContentRead( keyBuf , node ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ xmlSecErrorsSafeString(xmlSecNodeGetName(node)), -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ xmlSecBufferDestroy( keyBuf ) ; -+ xmlSecKeyDataDestroy( data ) ; -+ return(-1) ; -+ } -+ -+ /* Get slot */ -+ slot = xmlSecNssSlotGet(ctx->cipher); -+ if( slot == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "xmlSecNssSlotGet" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ xmlSecBufferDestroy( keyBuf ) ; -+ xmlSecKeyDataDestroy( data ) ; -+ return(-1) ; -+ } -+ -+ /* Wrap the raw key value SECItem */ -+ keyItem.type = siBuffer ; -+ keyItem.data = xmlSecBufferGetData( keyBuf ) ; -+ keyItem.len = xmlSecBufferGetSize( keyBuf ) ; -+ -+ /* Import the raw key into slot temporalily and get the key handler*/ -+ symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ; -+ if( symKey == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "PK11_ImportSymKey" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ PK11_FreeSlot( slot ) ; -+ xmlSecBufferDestroy( keyBuf ) ; -+ xmlSecKeyDataDestroy( data ) ; -+ return(-1) ; -+ } -+ PK11_FreeSlot( slot ) ; -+ -+ /* raw key material has been copied into symKey, it isn't used any more */ -+ xmlSecBufferDestroy( keyBuf ) ; -+ -+ /* Adopt the symmetric key into key data */ -+ ret = xmlSecNssSymKeyDataAdoptKey(data, symKey); -+ if(ret < 0) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "xmlSecKeyDataBinaryValueSetBuffer", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ PK11_FreeSymKey( symKey ) ; -+ xmlSecKeyDataDestroy( data ) ; -+ return(-1); -+ } -+ /* symKey has been duplicated into data, it isn't used any more */ -+ PK11_FreeSymKey( symKey ) ; -+ -+ /* Check value */ -+ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "xmlSecKeyReqMatchKeyValue", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ xmlSecKeyDataDestroy( data ) ; -+ return(0); -+ } - -- return(xmlSecKeyDataBinaryValueXmlRead(id, key, node, keyInfoCtx)); -+ ret = xmlSecKeySetValue(key, data); -+ if(ret < 0) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "xmlSecKeySetValue", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ xmlSecKeyDataDestroy( data ) ; -+ return(-1); -+ } -+ -+ return(0); - } - - static int - xmlSecNssSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, - xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { -+ PK11SymKey* symKey ; -+ - xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); -- -- return(xmlSecKeyDataBinaryValueXmlWrite(id, key, node, keyInfoCtx)); -+ xmlSecAssert2(key != NULL, -1); -+ xmlSecAssert2(node != NULL, -1); -+ xmlSecAssert2(keyInfoCtx != NULL, -1); -+ -+ /* Get symmetric key from "key" */ -+ symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key)); -+ if( symKey != NULL ) { -+ SECItem* keyItem ; -+ xmlSecBufferPtr keyBuf ; -+ -+ /* Extract raw key data from symmetric key */ -+ if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "PK11_ExtractKeyValue", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ PK11_FreeSymKey( symKey ) ; -+ return(-1); -+ } -+ -+ /* Get raw key data from "symKey" */ -+ keyItem = PK11_GetKeyData( symKey ) ; -+ if(keyItem == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "PK11_GetKeyData", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ PK11_FreeSymKey( symKey ) ; -+ return(-1); -+ } -+ -+ /* Create key data buffer with raw kwy material */ -+ keyBuf = xmlSecBufferCreate(keyItem->len) ; -+ if(keyBuf == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "xmlSecBufferCreate", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ PK11_FreeSymKey( symKey ) ; -+ return(-1); -+ } -+ -+ xmlSecBufferSetData( keyBuf , keyItem->data , keyItem->len ) ; -+ -+ /* Write raw key material into current xml node */ -+ if( xmlSecBufferBase64NodeContentWrite( keyBuf, node, XMLSEC_BASE64_LINESIZE ) < 0 ) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "xmlSecBufferBase64NodeContentWrite", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ xmlSecBufferDestroy(keyBuf); -+ PK11_FreeSymKey( symKey ) ; -+ return(-1); -+ } -+ xmlSecBufferDestroy(keyBuf); -+ PK11_FreeSymKey( symKey ) ; -+ } -+ -+ return 0 ; - } - - static int - xmlSecNssSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key, - const xmlSecByte* buf, xmlSecSize bufSize, - xmlSecKeyInfoCtxPtr keyInfoCtx) { -- xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); -+ PK11SymKey* symKey ; -+ PK11SlotInfo* slot ; -+ xmlSecKeyDataPtr data; -+ xmlSecNssSymKeyDataCtxPtr ctx; -+ SECItem keyItem ; -+ int ret; -+ -+ xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1); -+ xmlSecAssert2(key != NULL, -1); -+ xmlSecAssert2(buf != NULL, -1); -+ xmlSecAssert2(bufSize != 0, -1); -+ xmlSecAssert2(keyInfoCtx != NULL, -1); -+ -+ /* Create a new KeyData from a id */ -+ data = xmlSecKeyDataCreate(id); -+ if(data == NULL ) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "xmlSecKeyDataCreate", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); -+ } -+ -+ ctx = xmlSecNssSymKeyDataGetCtx(data); -+ xmlSecAssert2(ctx != NULL, -1); -+ -+ /* Get slot */ -+ slot = xmlSecNssSlotGet(ctx->cipher); -+ if( slot == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "xmlSecNssSlotGet" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecKeyDataDestroy( data ) ; -+ return(-1) ; -+ } -+ -+ /* Wrap the raw key value SECItem */ -+ keyItem.type = siBuffer ; -+ keyItem.data = buf ; -+ keyItem.len = bufSize ; -+ -+ /* Import the raw key into slot temporalily and get the key handler*/ -+ symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginGenerated, CKA_VALUE, &keyItem, NULL ) ; -+ if( symKey == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "PK11_ImportSymKey" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ PK11_FreeSlot( slot ) ; -+ xmlSecKeyDataDestroy( data ) ; -+ return(-1) ; -+ } -+ -+ /* Adopt the symmetric key into key data */ -+ ret = xmlSecNssSymKeyDataAdoptKey(data, symKey); -+ if(ret < 0) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "xmlSecKeyDataBinaryValueSetBuffer", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ PK11_FreeSymKey( symKey ) ; -+ PK11_FreeSlot( slot ) ; -+ xmlSecKeyDataDestroy( data ) ; -+ return(-1); -+ } -+ /* symKey has been duplicated into data, it isn't used any more */ -+ PK11_FreeSymKey( symKey ) ; -+ PK11_FreeSlot( slot ) ; -+ -+ /* Check value */ -+ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "xmlSecKeyReqMatchKeyValue", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ xmlSecKeyDataDestroy( data ) ; -+ return(0); -+ } - -- return(xmlSecKeyDataBinaryValueBinRead(id, key, buf, bufSize, keyInfoCtx)); -+ ret = xmlSecKeySetValue(key, data); -+ if(ret < 0) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "xmlSecKeySetValue", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ xmlSecKeyDataDestroy( data ) ; -+ return(-1); -+ } -+ -+ return(0); - } - - static int - xmlSecNssSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, - xmlSecByte** buf, xmlSecSize* bufSize, - xmlSecKeyInfoCtxPtr keyInfoCtx) { -+ PK11SymKey* symKey ; -+ - xmlSecAssert2(xmlSecNssSymKeyDataKlassCheck(id), -1); -+ xmlSecAssert2(key != NULL, -1); -+ xmlSecAssert2(buf != NULL, -1); -+ xmlSecAssert2(bufSize != 0, -1); -+ xmlSecAssert2(keyInfoCtx != NULL, -1); -+ -+ /* Get symmetric key from "key" */ -+ symKey = xmlSecNssSymKeyDataGetKey(xmlSecKeyGetValue(key)); -+ if( symKey != NULL ) { -+ SECItem* keyItem ; -+ -+ /* Extract raw key data from symmetric key */ -+ if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "PK11_ExtractKeyValue", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ PK11_FreeSymKey( symKey ) ; -+ return(-1); -+ } -+ -+ /* Get raw key data from "symKey" */ -+ keyItem = PK11_GetKeyData( symKey ) ; -+ if(keyItem == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "PK11_GetKeyData", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ PK11_FreeSymKey( symKey ) ; -+ return(-1); -+ } -+ -+ *bufSize = keyItem->len; -+ *buf = ( xmlSecByte* )xmlMalloc( *bufSize ); -+ if( *buf == NULL ) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ NULL, -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ PK11_FreeSymKey( symKey ) ; -+ return(-1); -+ } -+ -+ memcpy((*buf), keyItem->data, (*bufSize)); -+ PK11_FreeSymKey( symKey ) ; -+ } - -- return(xmlSecKeyDataBinaryValueBinWrite(id, key, buf, bufSize, keyInfoCtx)); -+ return 0 ; - } - - static int - xmlSecNssSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) { -- xmlSecBufferPtr buffer; -+ PK11SymKey* symkey ; -+ PK11SlotInfo* slot ; -+ xmlSecNssSymKeyDataCtxPtr ctx; -+ int ret; - - xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), -1); - xmlSecAssert2(sizeBits > 0, -1); - -- buffer = xmlSecKeyDataBinaryValueGetBuffer(data); -- xmlSecAssert2(buffer != NULL, -1); -- -- return(xmlSecNssGenerateRandom(buffer, (sizeBits + 7) / 8)); -+ ctx = xmlSecNssSymKeyDataGetCtx(data); -+ xmlSecAssert2(ctx != NULL, -1); -+ -+ if( sizeBits % 8 != 0 ) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), -+ NULL, -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ "Symmetric key size must be octuple"); -+ return(-1); -+ } -+ -+ /* Get slot */ -+ slot = xmlSecNssSlotGet(ctx->cipher); -+ if( slot == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), -+ "xmlSecNssSlotGet" , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1) ; -+ } -+ -+ if( PK11_Authenticate( slot, PR_FALSE , NULL ) != SECSuccess ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , -+ "PK11_Authenticate" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ PK11_FreeSlot( slot ) ; -+ return -1 ; -+ } -+ -+ symkey = PK11_KeyGen( slot , ctx->cipher , NULL , sizeBits/8 , NULL ) ; -+ if( symkey == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , -+ "PK11_KeyGen" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ PK11_FreeSlot( slot ) ; -+ return -1 ; -+ } -+ -+ if( ctx->slot != NULL ) { -+ PK11_FreeSlot( ctx->slot ) ; -+ ctx->slot = NULL ; -+ } -+ ctx->slot = slot ; -+ -+ if( ctx->symkey != NULL ) { -+ PK11_FreeSymKey( ctx->symkey ) ; -+ ctx->symkey = NULL ; -+ } -+ ctx->symkey = symkey ; -+ -+ return 0; - } - - static xmlSecKeyDataType - xmlSecNssSymKeyDataGetType(xmlSecKeyDataPtr data) { -- xmlSecBufferPtr buffer; -+ xmlSecNssSymKeyDataCtxPtr context = NULL ; -+ xmlSecKeyDataType type = xmlSecKeyDataTypeUnknown ; - - xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown); -+ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), xmlSecKeyDataTypeUnknown ) ; - -- buffer = xmlSecKeyDataBinaryValueGetBuffer(data); -- xmlSecAssert2(buffer != NULL, xmlSecKeyDataTypeUnknown); -+ context = xmlSecNssSymKeyDataGetCtx( data ) ; -+ if( context == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , -+ "xmlSecNssSymKeyDataGetCtx" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return xmlSecKeyDataTypeUnknown ; -+ } - -- return((xmlSecBufferGetSize(buffer) > 0) ? xmlSecKeyDataTypeSymmetric : xmlSecKeyDataTypeUnknown); -+ if( context->symkey != NULL ) { -+ type |= xmlSecKeyDataTypeSymmetric ; -+ } else { -+ type |= xmlSecKeyDataTypeUnknown ; -+ } -+ -+ return type ; - } - - static xmlSecSize - xmlSecNssSymKeyDataGetSize(xmlSecKeyDataPtr data) { -+ xmlSecNssSymKeyDataCtxPtr context ; -+ unsigned int length = 0 ; -+ - xmlSecAssert2(xmlSecNssSymKeyDataCheckId(data), 0); -+ xmlSecAssert2( xmlSecKeyDataCheckSize( data, xmlSecNssSymKeyDataSize ), 0 ) ; -+ context = xmlSecNssSymKeyDataGetCtx( data ) ; -+ if( context == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , -+ "xmlSecNssSymKeyDataGetCtx" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return 0 ; -+ } -+ -+ if( context->symkey != NULL ) { -+ length = PK11_GetKeyLength( context->symkey ) ; -+ length *= 8 ; -+ } - -- return(xmlSecKeyDataBinaryValueGetSize(data)); -+ return length ; - } - - static void - xmlSecNssSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) { - xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); - -- xmlSecKeyDataBinaryValueDebugDump(data, output); -+ /* print only size, everything else is sensitive */ -+ fprintf( output , "=== %s: size=%d\n" , data->id->dataNodeName , -+ xmlSecKeyDataGetSize(data)) ; - } - - static void - xmlSecNssSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { - xmlSecAssert(xmlSecNssSymKeyDataCheckId(data)); -- -- xmlSecKeyDataBinaryValueDebugXmlDump(data, output); -+ -+ /* print only size, everything else is sensitive */ -+ fprintf( output , "<%s size=\"%d\" />\n" , data->id->dataNodeName , -+ xmlSecKeyDataGetSize(data)) ; - } - - static int -@@ -201,7 +858,7 @@ - *************************************************************************/ - static xmlSecKeyDataKlass xmlSecNssKeyDataAesKlass = { - sizeof(xmlSecKeyDataKlass), -- xmlSecKeyDataBinarySize, -+ xmlSecNssSymKeyDataSize, - - /* data */ - xmlSecNameAESKeyValue, -@@ -282,7 +939,7 @@ - *************************************************************************/ - static xmlSecKeyDataKlass xmlSecNssKeyDataDesKlass = { - sizeof(xmlSecKeyDataKlass), -- xmlSecKeyDataBinarySize, -+ xmlSecNssSymKeyDataSize, - - /* data */ - xmlSecNameDESKeyValue, -@@ -364,7 +1021,7 @@ - *************************************************************************/ - static xmlSecKeyDataKlass xmlSecNssKeyDataHmacKlass = { - sizeof(xmlSecKeyDataKlass), -- xmlSecKeyDataBinarySize, -+ xmlSecNssSymKeyDataSize, - - /* data */ - xmlSecNameHMACKeyValue, ---- misc/xmlsec1-1.2.14/src/nss/tokens.c 2009-09-21 14:07:19.249145861 +0200 -+++ misc/build/xmlsec1-1.2.14/src/nss/tokens.c 2009-09-21 14:02:48.556772442 +0200 -@@ -1 +1,548 @@ --dummy -+/** -+ * XMLSec library -+ * -+ * This is free software; see Copyright file in the source -+ * distribution for preciese wording. -+ * -+ * Copyright.................................. -+ * -+ * Contributor(s): _____________________________ -+ * -+ */ -+ -+/** -+ * In order to ensure that particular crypto operation is performed on -+ * particular crypto device, a subclass of xmlSecList is used to store slot and -+ * mechanism information. -+ * -+ * In the list, a slot is bound with a mechanism. If the mechanism is available, -+ * this mechanism only can perform on the slot; otherwise, it can perform on -+ * every eligibl slot in the list. -+ * -+ * When try to find a slot for a particular mechanism, the slot bound with -+ * avaliable mechanism will be looked up firstly. -+ */ -+#include "globals.h" -+#include <string.h> -+ -+#include <xmlsec/xmlsec.h> -+#include <xmlsec/errors.h> -+#include <xmlsec/list.h> -+ -+#include <xmlsec/nss/tokens.h> -+ -+int -+xmlSecNssKeySlotSetMechList( -+ xmlSecNssKeySlotPtr keySlot , -+ CK_MECHANISM_TYPE_PTR mechanismList -+) { -+ int counter ; -+ -+ xmlSecAssert2( keySlot != NULL , -1 ) ; -+ -+ if( keySlot->mechanismList != CK_NULL_PTR ) { -+ xmlFree( keySlot->mechanismList ) ; -+ -+ for( counter = 0 ; *( mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ; -+ keySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ; -+ if( keySlot->mechanismList == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return( -1 ); -+ } -+ for( ; counter >= 0 ; counter -- ) -+ *( keySlot->mechanismList + counter ) = *( mechanismList + counter ) ; -+ } -+ -+ return( 0 ); -+} -+ -+int -+xmlSecNssKeySlotEnableMech( -+ xmlSecNssKeySlotPtr keySlot , -+ CK_MECHANISM_TYPE mechanism -+) { -+ int counter ; -+ CK_MECHANISM_TYPE_PTR newList ; -+ -+ xmlSecAssert2( keySlot != NULL , -1 ) ; -+ -+ if( mechanism != CKM_INVALID_MECHANISM ) { -+ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ; -+ newList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ; -+ if( newList == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return( -1 ); -+ } -+ *( newList + counter + 1 ) = CKM_INVALID_MECHANISM ; -+ *( newList + counter ) = mechanism ; -+ for( counter -= 1 ; counter >= 0 ; counter -- ) -+ *( newList + counter ) = *( keySlot->mechanismList + counter ) ; -+ -+ xmlFree( keySlot->mechanismList ) ; -+ keySlot->mechanismList = newList ; -+ } -+ -+ return(0); -+} -+ -+int -+xmlSecNssKeySlotDisableMech( -+ xmlSecNssKeySlotPtr keySlot , -+ CK_MECHANISM_TYPE mechanism -+) { -+ int counter ; -+ -+ xmlSecAssert2( keySlot != NULL , -1 ) ; -+ -+ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) { -+ if( *( keySlot->mechanismList + counter ) == mechanism ) { -+ for( ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) { -+ *( keySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter + 1 ) ; -+ } -+ -+ break ; -+ } -+ } -+ -+ return(0); -+} -+ -+CK_MECHANISM_TYPE_PTR -+xmlSecNssKeySlotGetMechList( -+ xmlSecNssKeySlotPtr keySlot -+) { -+ if( keySlot != NULL ) -+ return keySlot->mechanismList ; -+ else -+ return NULL ; -+} -+ -+int -+xmlSecNssKeySlotSetSlot( -+ xmlSecNssKeySlotPtr keySlot , -+ PK11SlotInfo* slot -+) { -+ xmlSecAssert2( keySlot != NULL , -1 ) ; -+ -+ if( slot != NULL && keySlot->slot != slot ) { -+ if( keySlot->slot != NULL ) -+ PK11_FreeSlot( keySlot->slot ) ; -+ -+ if( keySlot->mechanismList != NULL ) { -+ xmlFree( keySlot->mechanismList ) ; -+ keySlot->mechanismList = NULL ; -+ } -+ -+ keySlot->slot = PK11_ReferenceSlot( slot ) ; -+ } -+ -+ return(0); -+} -+ -+int -+xmlSecNssKeySlotInitialize( -+ xmlSecNssKeySlotPtr keySlot , -+ PK11SlotInfo* slot -+) { -+ xmlSecAssert2( keySlot != NULL , -1 ) ; -+ xmlSecAssert2( keySlot->slot == NULL , -1 ) ; -+ xmlSecAssert2( keySlot->mechanismList == NULL , -1 ) ; -+ -+ if( slot != NULL ) { -+ keySlot->slot = PK11_ReferenceSlot( slot ) ; -+ } -+ -+ return(0); -+} -+ -+void -+xmlSecNssKeySlotFinalize( -+ xmlSecNssKeySlotPtr keySlot -+) { -+ xmlSecAssert( keySlot != NULL ) ; -+ -+ if( keySlot->mechanismList != NULL ) { -+ xmlFree( keySlot->mechanismList ) ; -+ keySlot->mechanismList = NULL ; -+ } -+ -+ if( keySlot->slot != NULL ) { -+ PK11_FreeSlot( keySlot->slot ) ; -+ keySlot->slot = NULL ; -+ } -+ -+} -+ -+PK11SlotInfo* -+xmlSecNssKeySlotGetSlot( -+ xmlSecNssKeySlotPtr keySlot -+) { -+ if( keySlot != NULL ) -+ return keySlot->slot ; -+ else -+ return NULL ; -+} -+ -+xmlSecNssKeySlotPtr -+xmlSecNssKeySlotCreate() { -+ xmlSecNssKeySlotPtr keySlot ; -+ -+ /* Allocates a new xmlSecNssKeySlot and fill the fields */ -+ keySlot = ( xmlSecNssKeySlotPtr )xmlMalloc( sizeof( xmlSecNssKeySlot ) ) ; -+ if( keySlot == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return( NULL ); -+ } -+ memset( keySlot, 0, sizeof( xmlSecNssKeySlot ) ) ; -+ -+ return( keySlot ) ; -+} -+ -+int -+xmlSecNssKeySlotCopy( -+ xmlSecNssKeySlotPtr newKeySlot , -+ xmlSecNssKeySlotPtr keySlot -+) { -+ CK_MECHANISM_TYPE_PTR mech ; -+ int counter ; -+ -+ xmlSecAssert2( newKeySlot != NULL , -1 ) ; -+ xmlSecAssert2( keySlot != NULL , -1 ) ; -+ -+ if( keySlot->slot != NULL && newKeySlot->slot != keySlot->slot ) { -+ if( newKeySlot->slot != NULL ) -+ PK11_FreeSlot( newKeySlot->slot ) ; -+ -+ newKeySlot->slot = PK11_ReferenceSlot( keySlot->slot ) ; -+ } -+ -+ if( keySlot->mechanismList != CK_NULL_PTR ) { -+ xmlFree( newKeySlot->mechanismList ) ; -+ -+ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ; -+ newKeySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ; -+ if( newKeySlot->mechanismList == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return( -1 ); -+ } -+ for( ; counter >= 0 ; counter -- ) -+ *( newKeySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter ) ; -+ } -+ -+ return( 0 ); -+} -+ -+xmlSecNssKeySlotPtr -+xmlSecNssKeySlotDuplicate( -+ xmlSecNssKeySlotPtr keySlot -+) { -+ xmlSecNssKeySlotPtr newKeySlot ; -+ int ret ; -+ -+ xmlSecAssert2( keySlot != NULL , NULL ) ; -+ -+ newKeySlot = xmlSecNssKeySlotCreate() ; -+ if( newKeySlot == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return( NULL ); -+ } -+ -+ if( xmlSecNssKeySlotCopy( newKeySlot, keySlot ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return( NULL ); -+ } -+ -+ return( newKeySlot ); -+} -+ -+void -+xmlSecNssKeySlotDestroy( -+ xmlSecNssKeySlotPtr keySlot -+) { -+ xmlSecAssert( keySlot != NULL ) ; -+ -+ if( keySlot->mechanismList != NULL ) -+ xmlFree( keySlot->mechanismList ) ; -+ -+ if( keySlot->slot != NULL ) -+ PK11_FreeSlot( keySlot->slot ) ; -+ -+ xmlFree( keySlot ) ; -+} -+ -+int -+xmlSecNssKeySlotBindMech( -+ xmlSecNssKeySlotPtr keySlot , -+ CK_MECHANISM_TYPE type -+) { -+ int counter ; -+ -+ xmlSecAssert2( keySlot != NULL , 0 ) ; -+ xmlSecAssert2( keySlot->slot != NULL , 0 ) ; -+ xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ; -+ -+ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) { -+ if( *( keySlot->mechanismList + counter ) == type ) -+ return(1) ; -+ } -+ -+ return( 0 ) ; -+} -+ -+int -+xmlSecNssKeySlotSupportMech( -+ xmlSecNssKeySlotPtr keySlot , -+ CK_MECHANISM_TYPE type -+) { -+ xmlSecAssert2( keySlot != NULL , 0 ) ; -+ xmlSecAssert2( keySlot->slot != NULL , 0 ) ; -+ xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ; -+ -+ if( PK11_DoesMechanism( keySlot->slot , type ) == PR_TRUE ) { -+ return(1); -+ } else -+ return(0); -+} -+ -+void -+xmlSecNssKeySlotDebugDump( -+ xmlSecNssKeySlotPtr keySlot , -+ FILE* output -+) { -+ xmlSecAssert( keySlot != NULL ) ; -+ xmlSecAssert( output != NULL ) ; -+ -+ fprintf( output, "== KEY SLOT\n" ); -+} -+ -+void -+xmlSecNssKeySlotDebugXmlDump( -+ xmlSecNssKeySlotPtr keySlot , -+ FILE* output -+) { -+} -+ -+/** -+ * Key Slot List -+ */ -+#ifdef __MINGW32__ // for runtime-pseudo-reloc -+static struct _xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = { -+#else -+static xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = { -+#endif -+ BAD_CAST "mechanism-list", -+ (xmlSecPtrDuplicateItemMethod)xmlSecNssKeySlotDuplicate, -+ (xmlSecPtrDestroyItemMethod)xmlSecNssKeySlotDestroy, -+ (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugDump, -+ (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugXmlDump, -+}; -+ -+xmlSecPtrListId -+xmlSecNssKeySlotListGetKlass(void) { -+ return(&xmlSecNssKeySlotPtrListKlass); -+} -+ -+ -+/*- -+ * Global PKCS#11 crypto token repository -- Key slot list -+ */ -+static xmlSecPtrListPtr _xmlSecNssKeySlotList = NULL ; -+ -+PK11SlotInfo* -+xmlSecNssSlotGet( -+ CK_MECHANISM_TYPE type -+) { -+ PK11SlotInfo* slot = NULL ; -+ xmlSecNssKeySlotPtr keySlot ; -+ xmlSecSize ksSize ; -+ xmlSecSize ksPos ; -+ char flag ; -+ -+ if( _xmlSecNssKeySlotList == NULL ) { -+ slot = PK11_GetBestSlot( type , NULL ) ; -+ } else { -+ ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ; -+ -+ /*- -+ * Firstly, checking whether the mechanism is bound with a special slot. -+ * If no bound slot, we try to find the first eligible slot in the list. -+ */ -+ for( flag = 0, ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) { -+ keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ; -+ if( keySlot != NULL && xmlSecNssKeySlotBindMech( keySlot, type ) ) { -+ slot = xmlSecNssKeySlotGetSlot( keySlot ) ; -+ flag = 2 ; -+ } else if( flag == 0 && xmlSecNssKeySlotSupportMech( keySlot, type ) ) { -+ slot = xmlSecNssKeySlotGetSlot( keySlot ) ; -+ flag = 1 ; -+ } -+ -+ if( flag == 2 ) -+ break ; -+ } -+ if( slot != NULL ) -+ slot = PK11_ReferenceSlot( slot ) ; -+ } -+ -+ if( slot != NULL && PK11_NeedLogin( slot ) ) { -+ if( PK11_Authenticate( slot , PR_TRUE , NULL ) != SECSuccess ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ PK11_FreeSlot( slot ) ; -+ return( NULL ); -+ } -+ } -+ -+ return slot ; -+} -+ -+int -+xmlSecNssSlotInitialize( -+ void -+) { -+ if( _xmlSecNssKeySlotList != NULL ) { -+ xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ; -+ _xmlSecNssKeySlotList = NULL ; -+ } -+ -+ _xmlSecNssKeySlotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ; -+ if( _xmlSecNssKeySlotList == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return( -1 ); -+ } -+ -+ return(0); -+} -+ -+void -+xmlSecNssSlotShutdown( -+ void -+) { -+ if( _xmlSecNssKeySlotList != NULL ) { -+ xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ; -+ _xmlSecNssKeySlotList = NULL ; -+ } -+} -+ -+int -+xmlSecNssSlotAdopt( -+ PK11SlotInfo* slot, -+ CK_MECHANISM_TYPE type -+) { -+ xmlSecNssKeySlotPtr keySlot ; -+ xmlSecSize ksSize ; -+ xmlSecSize ksPos ; -+ char flag ; -+ -+ xmlSecAssert2( _xmlSecNssKeySlotList != NULL, -1 ) ; -+ xmlSecAssert2( slot != NULL, -1 ) ; -+ -+ ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ; -+ -+ /*- -+ * Firstly, checking whether the slot is in the repository already. -+ */ -+ flag = 0 ; -+ for( ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) { -+ keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ; -+ /* If find the slot in the list */ -+ if( keySlot != NULL && xmlSecNssKeySlotGetSlot( keySlot ) == slot ) { -+ /* If mechnism type is valid, bind the slot with the mechanism */ -+ if( type != CKM_INVALID_MECHANISM ) { -+ if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ } -+ -+ flag = 1 ; -+ } -+ } -+ -+ /* If the slot do not in the list, add a new item to the list */ -+ if( flag == 0 ) { -+ /* Create a new KeySlot */ -+ keySlot = xmlSecNssKeySlotCreate() ; -+ if( keySlot == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return(-1); -+ } -+ -+ /* Initialize the keySlot with a slot */ -+ if( xmlSecNssKeySlotInitialize( keySlot, slot ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecNssKeySlotDestroy( keySlot ) ; -+ return(-1); -+ } -+ -+ /* If mechnism type is valid, bind the slot with the mechanism */ -+ if( type != CKM_INVALID_MECHANISM ) { -+ if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecNssKeySlotDestroy( keySlot ) ; -+ return(-1); -+ } -+ } -+ -+ /* Add keySlot into the list */ -+ if( xmlSecPtrListAdd( _xmlSecNssKeySlotList, keySlot ) < 0 ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ NULL , -+ NULL , -+ XMLSEC_ERRORS_R_XMLSEC_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecNssKeySlotDestroy( keySlot ) ; -+ return(-1); -+ } -+ } -+ -+ return(0); -+} -+ ---- misc/xmlsec1-1.2.14/src/nss/x509.c 2009-06-25 22:53:18.000000000 +0200 -+++ misc/build/xmlsec1-1.2.14/src/nss/x509.c 2009-09-21 14:02:48.642312431 +0200 -@@ -34,7 +34,6 @@ - #include <xmlsec/keys.h> - #include <xmlsec/keyinfo.h> - #include <xmlsec/keysmngr.h> --#include <xmlsec/x509.h> - #include <xmlsec/base64.h> - #include <xmlsec/errors.h> - -@@ -61,33 +60,18 @@ - static int xmlSecNssX509CertificateNodeRead (xmlSecKeyDataPtr data, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); --static int xmlSecNssX509CertificateNodeWrite (CERTCertificate* cert, -- xmlNodePtr node, -- xmlSecKeyInfoCtxPtr keyInfoCtx); - static int xmlSecNssX509SubjectNameNodeRead (xmlSecKeyDataPtr data, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); --static int xmlSecNssX509SubjectNameNodeWrite (CERTCertificate* cert, -- xmlNodePtr node, -- xmlSecKeyInfoCtxPtr keyInfoCtx); - static int xmlSecNssX509IssuerSerialNodeRead (xmlSecKeyDataPtr data, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); --static int xmlSecNssX509IssuerSerialNodeWrite (CERTCertificate* cert, -- xmlNodePtr node, -- xmlSecKeyInfoCtxPtr keyInfoCtx); - static int xmlSecNssX509SKINodeRead (xmlSecKeyDataPtr data, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); --static int xmlSecNssX509SKINodeWrite (CERTCertificate* cert, -- xmlNodePtr node, -- xmlSecKeyInfoCtxPtr keyInfoCtx); - static int xmlSecNssX509CRLNodeRead (xmlSecKeyDataPtr data, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); --static int xmlSecNssX509CRLNodeWrite (CERTSignedCrl* crl, -- xmlNodePtr node, -- xmlSecKeyInfoCtxPtr keyInfoCtx); - static int xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, - xmlSecKeyPtr key, - xmlSecKeyInfoCtxPtr keyInfoCtx); -@@ -104,9 +88,6 @@ - xmlSecKeyInfoCtxPtr keyInfoCtx); - static xmlChar* xmlSecNssX509CrlBase64DerWrite (CERTSignedCrl* crl, - int base64LineWrap); --static xmlChar* xmlSecNssX509NameWrite (CERTName* nm); --static xmlChar* xmlSecNssASN1IntegerWrite (SECItem *num); --static xmlChar* xmlSecNssX509SKIWrite (CERTCertificate* cert); - static void xmlSecNssX509CertDebugDump (CERTCertificate* cert, - FILE* output); - static void xmlSecNssX509CertDebugXmlDump (CERTCertificate* cert, -@@ -752,31 +733,22 @@ - xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, - xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { - xmlSecKeyDataPtr data; -+ xmlNodePtr cur; -+ xmlChar* buf; - CERTCertificate* cert; - CERTSignedCrl* crl; - xmlSecSize size, pos; -- int content = 0; -- int ret; - - xmlSecAssert2(id == xmlSecNssKeyDataX509Id, -1); - xmlSecAssert2(key != NULL, -1); - xmlSecAssert2(node != NULL, -1); - xmlSecAssert2(keyInfoCtx != NULL, -1); - -- content = xmlSecX509DataGetNodeContent (node, 1, keyInfoCtx); -- if (content < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -- "xmlSecX509DataGetNodeContent", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "content=%d", content); -- return(-1); -- } else if(content == 0) { -- /* by default we are writing certificates and crls */ -- content = XMLSEC_X509DATA_DEFAULT; -+ /* todo: flag in ctx remove all existing content */ -+ if(0) { -+ xmlNodeSetContent(node, NULL); - } - -- /* get x509 data */ - data = xmlSecKeyGetData(key, id); - if(data == NULL) { - /* no x509 data in the key */ -@@ -796,79 +768,74 @@ - return(-1); - } - -- if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) { -- ret = xmlSecNssX509CertificateNodeWrite(cert, node, keyInfoCtx); -- if(ret < 0) { -+ /* set base64 lines size from context */ -+ buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize); -+ if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -- "xmlSecNssX509CertificateNodeWrite", -+ "xmlSecNssX509CertBase64DerWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "pos=%d", pos); -+ XMLSEC_ERRORS_NO_MESSAGE); - return(-1); -- } - } - -- if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) { -- ret = xmlSecNssX509SubjectNameNodeWrite(cert, node, keyInfoCtx); -- if(ret < 0) { -+ cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs); -+ if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -- "xmlSecNssX509SubjectNameNodeWrite", -+ "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "pos=%d", pos); -+ "node=%s", -+ xmlSecErrorsSafeString(xmlSecNodeX509Certificate)); -+ xmlFree(buf); - return(-1); -- } - } -+ /* todo: add \n around base64 data - from context */ -+ /* todo: add errors check */ -+ xmlNodeSetContent(cur, xmlSecStringCR); -+ xmlNodeSetContent(cur, buf); -+ xmlFree(buf); -+ } - -- if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) { -- ret = xmlSecNssX509IssuerSerialNodeWrite(cert, node, keyInfoCtx); -- if(ret < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -- "xmlSecNssX509IssuerSerialNodeWrite", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "pos=%d", pos); -- return(-1); -- } -+ /* write crls */ -+ size = xmlSecNssKeyDataX509GetCrlsSize(data); -+ for(pos = 0; pos < size; ++pos) { -+ crl = xmlSecNssKeyDataX509GetCrl(data, pos); -+ if(crl == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "xmlSecNssKeyDataX509GetCrl", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ "pos=%d", pos); -+ return(-1); - } - -- if((content & XMLSEC_X509DATA_SKI_NODE) != 0) { -- ret = xmlSecNssX509SKINodeWrite(cert, node, keyInfoCtx); -- if(ret < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -- "xmlSecNssX509SKINodeWrite", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "pos=%d", pos); -- return(-1); -- } -+ /* set base64 lines size from context */ -+ buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize); -+ if(buf == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "xmlSecNssX509CrlBase64DerWrite", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return(-1); - } -- } - -- /* write crls if needed */ -- if((content & XMLSEC_X509DATA_CRL_NODE) != 0) { -- size = xmlSecNssKeyDataX509GetCrlsSize(data); -- for(pos = 0; pos < size; ++pos) { -- crl = xmlSecNssKeyDataX509GetCrl(data, pos); -- if(crl == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -- "xmlSecNssKeyDataX509GetCrl", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "pos=%d", pos); -- return(-1); -- } -- -- ret = xmlSecNssX509CRLNodeWrite(crl, node, keyInfoCtx); -- if(ret < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -- "xmlSecNssX509CRLNodeWrite", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "pos=%d", pos); -- return(-1); -- } -- } -+ cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs); -+ if(cur == NULL) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), -+ "xmlSecAddChild", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ "new_node=%s", -+ xmlSecErrorsSafeString(xmlSecNodeX509CRL)); -+ xmlFree(buf); -+ return(-1); -+ } -+ /* todo: add \n around base64 data - from context */ -+ /* todo: add errors check */ -+ xmlNodeSetContent(cur, xmlSecStringCR); -+ xmlNodeSetContent(cur, buf); - } - - return(0); -@@ -1057,46 +1024,6 @@ - return(0); - } - --static int --xmlSecNssX509CertificateNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { -- xmlChar* buf; -- xmlNodePtr cur; -- -- xmlSecAssert2(cert != NULL, -1); -- xmlSecAssert2(node != NULL, -1); -- xmlSecAssert2(keyInfoCtx != NULL, -1); -- -- /* set base64 lines size from context */ -- buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize); -- if(buf == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssX509CertBase64DerWrite", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(-1); -- } -- -- cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs); -- if(cur == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecAddChild", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "node=%s", -- xmlSecErrorsSafeString(xmlSecNodeX509Certificate)); -- xmlFree(buf); -- return(-1); -- } -- -- /* todo: add \n around base64 data - from context */ -- /* todo: add errors check */ -- xmlNodeSetContent(cur, xmlSecStringCR); -- xmlNodeSetContent(cur, buf); -- xmlFree(buf); -- return(0); --} -- - static int - xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { - xmlSecKeyDataStorePtr x509Store; -@@ -1120,19 +1047,13 @@ - } - - subject = xmlNodeGetContent(node); -- if((subject == NULL) || (xmlSecIsEmptyString(subject) == 1)) { -- if(subject != NULL) { -- xmlFree(subject); -- } -- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { -+ if(subject == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); -- } -- return(0); - } - - cert = xmlSecNssX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx); -@@ -1169,40 +1090,6 @@ - return(0); - } - --static int --xmlSecNssX509SubjectNameNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { -- xmlChar* buf = NULL; -- xmlNodePtr cur = NULL; -- -- xmlSecAssert2(cert != NULL, -1); -- xmlSecAssert2(node != NULL, -1); -- -- buf = xmlSecNssX509NameWrite(&(cert->subject)); -- if(buf == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssX509NameWrite(&(cert->subject))", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(-1); -- } -- -- cur = xmlSecAddChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs); -- if(cur == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecAddChild", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "node=%s", -- xmlSecErrorsSafeString(xmlSecNodeX509SubjectName)); -- xmlFree(buf); -- return(-1); -- } -- xmlSecNodeEncodeAndSetContent(cur, buf); -- xmlFree(buf); -- return(0); --} -- - static int - xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { - xmlSecKeyDataStorePtr x509Store; -@@ -1228,21 +1115,9 @@ - } - - cur = xmlSecGetNextElementNode(node->children); -- if(cur == NULL) { -- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), -- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), -- XMLSEC_ERRORS_R_NODE_NOT_FOUND, -- "node=%s", -- xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); -- return(-1); -- } -- return(0); -- } - - /* the first is required node X509IssuerName */ -- if(!xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) { -+ if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), -@@ -1336,78 +1211,6 @@ - return(0); - } - --static int --xmlSecNssX509IssuerSerialNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { -- xmlNodePtr cur; -- xmlNodePtr issuerNameNode; -- xmlNodePtr issuerNumberNode; -- xmlChar* buf; -- -- xmlSecAssert2(cert != NULL, -1); -- xmlSecAssert2(node != NULL, -1); -- -- /* create xml nodes */ -- cur = xmlSecAddChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs); -- if(cur == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecAddChild", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "node=%s", -- xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial)); -- return(-1); -- } -- -- issuerNameNode = xmlSecAddChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs); -- if(issuerNameNode == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecAddChild", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "node=%s", -- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName)); -- return(-1); -- } -- -- issuerNumberNode = xmlSecAddChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs); -- if(issuerNumberNode == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecAddChild", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "node=%s", -- xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber)); -- return(-1); -- } -- -- /* write data */ -- buf = xmlSecNssX509NameWrite(&(cert->issuer)); -- if(buf == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssX509NameWrite(&(cert->issuer))", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(-1); -- } -- xmlSecNodeEncodeAndSetContent(issuerNameNode, buf); -- xmlFree(buf); -- -- buf = xmlSecNssASN1IntegerWrite(&(cert->serialNumber)); -- if(buf == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssASN1IntegerWrite(&(cert->serialNumber))", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(-1); -- } -- xmlNodeSetContent(issuerNumberNode, buf); -- xmlFree(buf); -- -- return(0); --} -- - static int - xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { - xmlSecKeyDataStorePtr x509Store; -@@ -1431,11 +1234,7 @@ - } - - ski = xmlNodeGetContent(node); -- if((ski == NULL) || (xmlSecIsEmptyString(ski) == 1)) { -- if(ski != NULL) { -- xmlFree(ski); -- } -- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { -+ if(ski == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), -@@ -1443,8 +1242,6 @@ - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SKI)); - return(-1); -- } -- return(0); - } - - cert = xmlSecNssX509StoreFindCert(x509Store, NULL, NULL, NULL, ski, keyInfoCtx); -@@ -1479,41 +1276,6 @@ - return(0); - } - --static int --xmlSecNssX509SKINodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { -- xmlChar *buf = NULL; -- xmlNodePtr cur = NULL; -- -- xmlSecAssert2(cert != NULL, -1); -- xmlSecAssert2(node != NULL, -1); -- -- buf = xmlSecNssX509SKIWrite(cert); -- if(buf == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssX509SKIWrite", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(-1); -- } -- -- cur = xmlSecAddChild(node, xmlSecNodeX509SKI, xmlSecDSigNs); -- if(cur == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecAddChild", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "new_node=%s", -- xmlSecErrorsSafeString(xmlSecNodeX509SKI)); -- xmlFree(buf); -- return(-1); -- } -- xmlSecNodeEncodeAndSetContent(cur, buf); -- xmlFree(buf); -- -- return(0); --} -- - static int - xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { - xmlChar *content; -@@ -1524,19 +1286,13 @@ - xmlSecAssert2(keyInfoCtx != NULL, -1); - - content = xmlNodeGetContent(node); -- if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) { -- if(content != NULL) { -- xmlFree(content); -- } -- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { -+ if(content == NULL){ - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); -- } -- return(0); - } - - crl = xmlSecNssX509CrlBase64DerRead(content, keyInfoCtx); -@@ -1556,47 +1312,6 @@ - } - - static int --xmlSecNssX509CRLNodeWrite(CERTSignedCrl* crl, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { -- xmlChar* buf = NULL; -- xmlNodePtr cur = NULL; -- -- xmlSecAssert2(crl != NULL, -1); -- xmlSecAssert2(node != NULL, -1); -- xmlSecAssert2(keyInfoCtx != NULL, -1); -- -- /* set base64 lines size from context */ -- buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize); -- if(buf == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssX509CrlBase64DerWrite", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(-1); -- } -- -- cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs); -- if(cur == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecAddChild", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "new_node=%s", -- xmlSecErrorsSafeString(xmlSecNodeX509CRL)); -- xmlFree(buf); -- return(-1); -- } -- /* todo: add \n around base64 data - from context */ -- /* todo: add errors check */ -- xmlNodeSetContent(cur, xmlSecStringCR); -- xmlNodeSetContent(cur, buf); -- xmlFree(buf); -- -- return(0); --} -- -- --static int - xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key, - xmlSecKeyInfoCtxPtr keyInfoCtx) { - xmlSecNssX509DataCtxPtr ctx; -@@ -1604,6 +1319,10 @@ - int ret; - SECStatus status; - PRTime notBefore, notAfter; -+ -+ PK11SlotInfo* slot ; -+ SECKEYPublicKey *pubKey = NULL; -+ SECKEYPrivateKey *priKey = NULL; - - xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataX509Id), -1); - xmlSecAssert2(key != NULL, -1); -@@ -1636,10 +1355,14 @@ - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "CERT_DupCertificate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - return(-1); - } -- -+ -+ /*- -+ * Get Public key from cert, which does not always work for sign -+ * action. -+ * - keyValue = xmlSecNssX509CertGetKey(ctx->keyCert); - if(keyValue == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, -@@ -1649,6 +1372,54 @@ - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } -+ */ -+ /*- -+ * I'll search key according to KeyReq. -+ */ -+ slot = cert->slot ; -+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) { -+ if( ( priKey = PK11_FindPrivateKeyFromCert( slot , cert , NULL ) ) == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , -+ "PK11_FindPrivateKeyFromCert" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ return -1 ; -+ } -+ } -+ -+ if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) { -+ if( ( pubKey = CERT_ExtractPublicKey( cert ) ) == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , -+ "CERT_ExtractPublicKey" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ -+ if( priKey != NULL ) -+ SECKEY_DestroyPrivateKey( priKey ) ; -+ return -1 ; -+ } -+ } -+ -+ keyValue = xmlSecNssPKIAdoptKey(priKey, pubKey); -+ if( keyValue == NULL ) { -+ xmlSecError( XMLSEC_ERRORS_HERE , -+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( data ) ) , -+ "xmlSecNssPKIAdoptKey" , -+ XMLSEC_ERRORS_R_CRYPTO_FAILED , -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ -+ if( priKey != NULL ) -+ SECKEY_DestroyPrivateKey( priKey ) ; -+ -+ if( pubKey != NULL ) -+ SECKEY_DestroyPublicKey( pubKey ) ; -+ -+ return -1 ; -+ } -+ /* Modify keyValue get Done */ - - /* verify that the key matches our expectations */ - if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) { -@@ -1950,86 +1721,6 @@ - return(res); - } - --static xmlChar* --xmlSecNssX509NameWrite(CERTName* nm) { -- xmlChar *res = NULL; -- char *str; -- -- xmlSecAssert2(nm != NULL, NULL); -- -- str = CERT_NameToAscii(nm); -- if (str == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "CERT_NameToAscii", -- XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(NULL); -- } -- -- res = xmlStrdup(BAD_CAST str); -- if(res == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlStrdup", -- XMLSEC_ERRORS_R_MALLOC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- PORT_Free(str); -- return(NULL); -- } -- PORT_Free(str); -- return(res); --} -- --static xmlChar* --xmlSecNssASN1IntegerWrite(SECItem *num) { -- xmlChar *res = NULL; -- -- xmlSecAssert2(num != NULL, NULL); -- -- /* TODO : to be implemented after -- * NSS bug http://bugzilla.mozilla.org/show_bug.cgi?id=212864 is fixed -- */ -- return(res); --} -- --static xmlChar* --xmlSecNssX509SKIWrite(CERTCertificate* cert) { -- xmlChar *res = NULL; -- SECItem ski; -- SECStatus rv; -- -- xmlSecAssert2(cert != NULL, NULL); -- -- memset(&ski, 0, sizeof(ski)); -- -- rv = CERT_FindSubjectKeyIDExtension(cert, &ski); -- if (rv != SECSuccess) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "CERT_FindSubjectKeyIDExtension", -- XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- SECITEM_FreeItem(&ski, PR_FALSE); -- return(NULL); -- } -- -- res = xmlSecBase64Encode(ski.data, ski.len, 0); -- if(res == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecBase64Encode", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- SECITEM_FreeItem(&ski, PR_FALSE); -- return(NULL); -- } -- SECITEM_FreeItem(&ski, PR_FALSE); -- -- return(res); --} -- -- - static void - xmlSecNssX509CertDebugDump(CERTCertificate* cert, FILE* output) { - SECItem *sn; ---- misc/xmlsec1-1.2.14/src/nss/x509vfy.c 2009-06-25 22:53:18.000000000 +0200 -+++ misc/build/xmlsec1-1.2.14/src/nss/x509vfy.c 2009-09-21 14:02:48.669245207 +0200 -@@ -30,6 +30,7 @@ - #include <xmlsec/keyinfo.h> - #include <xmlsec/keysmngr.h> - #include <xmlsec/base64.h> -+#include <xmlsec/bn.h> - #include <xmlsec/errors.h> - - #include <xmlsec/nss/crypto.h> -@@ -61,17 +62,7 @@ - - static int xmlSecNssX509StoreInitialize (xmlSecKeyDataStorePtr store); - static void xmlSecNssX509StoreFinalize (xmlSecKeyDataStorePtr store); --static int xmlSecNssX509NameStringRead (xmlSecByte **str, -- int *strLen, -- xmlSecByte *res, -- int resLen, -- xmlSecByte delim, -- int ingoreTrailingSpaces); --static xmlSecByte * xmlSecNssX509NameRead (xmlSecByte *str, -- int len); -- --static void xmlSecNssNumToItem(SECItem *it, unsigned long num); -- -+static int xmlSecNssIntegerToItem( const xmlChar* integer , SECItem *it ) ; - - static xmlSecKeyDataStoreKlass xmlSecNssX509StoreKlass = { - sizeof(xmlSecKeyDataStoreKlass), -@@ -339,40 +330,28 @@ - xmlSecNssX509FindCert(xmlChar *subjectName, xmlChar *issuerName, - xmlChar *issuerSerial, xmlChar *ski) { - CERTCertificate *cert = NULL; -- xmlChar *p = NULL; - CERTName *name = NULL; - SECItem *nameitem = NULL; - PRArenaPool *arena = NULL; - - if (subjectName != NULL) { -- p = xmlSecNssX509NameRead(subjectName, xmlStrlen(subjectName)); -- if (p == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssX509NameRead", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "subject=%s", -- xmlSecErrorsSafeString(subjectName)); -- goto done; -- } -- - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (arena == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PORT_NewArena", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - goto done; - } - -- name = CERT_AsciiToName((char*)p); -+ name = CERT_AsciiToName((char*)subjectName); - if (name == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CERT_AsciiToName", - XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - goto done; - } - -@@ -394,34 +373,23 @@ - if((issuerName != NULL) && (issuerSerial != NULL)) { - CERTIssuerAndSN issuerAndSN; - -- p = xmlSecNssX509NameRead(issuerName, xmlStrlen(issuerName)); -- if (p == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssX509NameRead", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- "issuer=%s", -- xmlSecErrorsSafeString(issuerName)); -- goto done; -- } -- - arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); - if (arena == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PORT_NewArena", - XMLSEC_ERRORS_R_CRYPTO_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - goto done; - } - -- name = CERT_AsciiToName((char*)p); -+ name = CERT_AsciiToName((char*)issuerName); - if (name == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CERT_AsciiToName", - XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -+ "error code=%d", PORT_GetError()); - goto done; - } - -@@ -441,8 +409,15 @@ - issuerAndSN.derIssuer.data = nameitem->data; - issuerAndSN.derIssuer.len = nameitem->len; - -- /* TBD: serial num can be arbitrarily long */ -- xmlSecNssNumToItem(&issuerAndSN.serialNumber, PORT_Atoi((char *)issuerSerial)); -+ if( xmlSecNssIntegerToItem( issuerSerial, &issuerAndSN.serialNumber ) < 0 ) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecNssIntegerToItem", -+ XMLSEC_ERRORS_R_XMLSEC_FAILED, -+ "serial number=%s", -+ xmlSecErrorsSafeString(issuerSerial)); -+ goto done; -+ } - - cert = CERT_FindCertByIssuerAndSN(CERT_GetDefaultCertDB(), - &issuerAndSN); -@@ -473,9 +448,6 @@ - } - - done: -- if (p != NULL) { -- PORT_Free(p); -- } - if (arena != NULL) { - PORT_FreeArena(arena, PR_FALSE); - } -@@ -486,176 +458,6 @@ - return(cert); - } - --static xmlSecByte * --xmlSecNssX509NameRead(xmlSecByte *str, int len) { -- xmlSecByte name[256]; -- xmlSecByte value[256]; -- xmlSecByte *retval = NULL; -- xmlSecByte *p = NULL; -- int nameLen, valueLen; -- -- xmlSecAssert2(str != NULL, NULL); -- -- /* return string should be no longer than input string */ -- retval = (xmlSecByte *)PORT_Alloc(len+1); -- if(retval == NULL) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "PORT_Alloc", -- XMLSEC_ERRORS_R_MALLOC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- return(NULL); -- } -- p = retval; -- -- while(len > 0) { -- /* skip spaces after comma or semicolon */ -- while((len > 0) && isspace(*str)) { -- ++str; --len; -- } -- -- nameLen = xmlSecNssX509NameStringRead(&str, &len, name, sizeof(name), '=', 0); -- if(nameLen < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssX509NameStringRead", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- goto done; -- } -- memcpy(p, name, nameLen); -- p+=nameLen; -- *p++='='; -- if(len > 0) { -- ++str; --len; -- if((*str) == '\"') { -- valueLen = xmlSecNssX509NameStringRead(&str, &len, -- value, sizeof(value), '"', 1); -- if(valueLen < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssX509NameStringRead", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- goto done; -- } -- /* skip spaces before comma or semicolon */ -- while((len > 0) && isspace(*str)) { -- ++str; --len; -- } -- if((len > 0) && ((*str) != ',')) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- NULL, -- XMLSEC_ERRORS_R_INVALID_DATA, -- "comma is expected"); -- goto done; -- } -- if(len > 0) { -- ++str; --len; -- } -- *p++='\"'; -- memcpy(p, value, valueLen); -- p+=valueLen; -- *p++='\"'; -- } else if((*str) == '#') { -- /* TODO: read octect values */ -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- NULL, -- XMLSEC_ERRORS_R_INVALID_DATA, -- "reading octect values is not implemented yet"); -- goto done; -- } else { -- valueLen = xmlSecNssX509NameStringRead(&str, &len, -- value, sizeof(value), ',', 1); -- if(valueLen < 0) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- "xmlSecNssX509NameStringRead", -- XMLSEC_ERRORS_R_XMLSEC_FAILED, -- XMLSEC_ERRORS_NO_MESSAGE); -- goto done; -- } -- memcpy(p, value, valueLen); -- p+=valueLen; -- if (len > 0) -- *p++=','; -- } -- } else { -- valueLen = 0; -- } -- if(len > 0) { -- ++str; --len; -- } -- } -- -- *p = 0; -- return(retval); -- --done: -- PORT_Free(retval); -- return (NULL); --} -- --static int --xmlSecNssX509NameStringRead(xmlSecByte **str, int *strLen, -- xmlSecByte *res, int resLen, -- xmlSecByte delim, int ingoreTrailingSpaces) { -- xmlSecByte *p, *q, *nonSpace; -- -- xmlSecAssert2(str != NULL, -1); -- xmlSecAssert2(strLen != NULL, -1); -- xmlSecAssert2(res != NULL, -1); -- -- p = (*str); -- nonSpace = q = res; -- while(((p - (*str)) < (*strLen)) && ((*p) != delim) && ((q - res) < resLen)) { -- if((*p) != '\\') { -- if(ingoreTrailingSpaces && !isspace(*p)) { -- nonSpace = q; -- } -- *(q++) = *(p++); -- } else { -- ++p; -- nonSpace = q; -- if(xmlSecIsHex((*p))) { -- if((p - (*str) + 1) >= (*strLen)) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- NULL, -- XMLSEC_ERRORS_R_INVALID_DATA, -- "two hex digits expected"); -- return(-1); -- } -- *(q++) = xmlSecGetHex(p[0]) * 16 + xmlSecGetHex(p[1]); -- p += 2; -- } else { -- if(((++p) - (*str)) >= (*strLen)) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- NULL, -- XMLSEC_ERRORS_R_INVALID_DATA, -- "escaped symbol missed"); -- return(-1); -- } -- *(q++) = *(p++); -- } -- } -- } -- if(((p - (*str)) < (*strLen)) && ((*p) != delim)) { -- xmlSecError(XMLSEC_ERRORS_HERE, -- NULL, -- NULL, -- XMLSEC_ERRORS_R_INVALID_SIZE, -- "buffer is too small"); -- return(-1); -- } -- (*strLen) -= (p - (*str)); -- (*str) = p; -- return((ingoreTrailingSpaces) ? nonSpace - res + 1 : q - res); --} -- - /* code lifted from NSS */ - static void - xmlSecNssNumToItem(SECItem *it, unsigned long ui) -@@ -699,6 +501,77 @@ - it->len = len; - PORT_Memcpy(it->data, bb + (sizeof(bb) - len), len); - } -+ -+static int -+xmlSecNssIntegerToItem( -+ const xmlChar* integer , -+ SECItem *item -+) { -+ xmlSecBn bn ; -+ xmlSecSize i, length ; -+ const xmlSecByte* bnInteger ; -+ -+ xmlSecAssert2( integer != NULL, -1 ) ; -+ xmlSecAssert2( item != NULL, -1 ) ; -+ -+ if( xmlSecBnInitialize( &bn, 0 ) < 0 ) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecBnInitialize", -+ XMLSEC_ERRORS_R_INVALID_DATA, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ return -1 ; -+ } -+ -+ if( xmlSecBnFromDecString( &bn, integer ) < 0 ) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecBnFromDecString", -+ XMLSEC_ERRORS_R_INVALID_DATA, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ xmlSecBnFinalize( &bn ) ; -+ return -1 ; -+ } -+ -+ length = xmlSecBnGetSize( &bn ) ; -+ if( length <= 0 ) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecBnGetSize", -+ XMLSEC_ERRORS_R_INVALID_DATA, -+ XMLSEC_ERRORS_NO_MESSAGE); -+ } -+ -+ bnInteger = xmlSecBnGetData( &bn ) ; -+ if( bnInteger == NULL ) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "xmlSecBnGetData", -+ XMLSEC_ERRORS_R_INVALID_DATA, -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecBnFinalize( &bn ) ; -+ return -1 ; -+ } -+ -+ item->data = ( unsigned char * )PORT_Alloc( length ); -+ if( item->data == NULL ) { -+ xmlSecError(XMLSEC_ERRORS_HERE, -+ NULL, -+ "PORT_Alloc", -+ XMLSEC_ERRORS_R_INVALID_DATA, -+ XMLSEC_ERRORS_NO_MESSAGE ) ; -+ xmlSecBnFinalize( &bn ) ; -+ return -1 ; -+ } -+ -+ item->len = length; -+ for( i = 0 ; i < length ; i ++ ) -+ item->data[i] = *( bnInteger + i ) ; -+ -+ xmlSecBnFinalize( &bn ) ; -+ -+ return 0 ; -+} - #endif /* XMLSEC_NO_X509 */ - - ---- misc/xmlsec1-1.2.14/win32/Makefile.msvc 2009-06-25 22:53:18.000000000 +0200 -+++ misc/build/xmlsec1-1.2.14/win32/Makefile.msvc 2009-09-21 14:02:48.607277908 +0200 -@@ -218,6 +218,9 @@ - $(XMLSEC_OPENSSL_INTDIR_A)\x509vfy.obj - - XMLSEC_NSS_OBJS = \ -+ $(XMLSEC_NSS_INTDIR)\akmngr.obj\ -+ $(XMLSEC_NSS_INTDIR)\keywrapers.obj\ -+ $(XMLSEC_NSS_INTDIR)\tokens.obj\ - $(XMLSEC_NSS_INTDIR)\app.obj\ - $(XMLSEC_NSS_INTDIR)\bignum.obj\ - $(XMLSEC_NSS_INTDIR)\ciphers.obj \ -@@ -253,6 +256,7 @@ - $(XMLSEC_NSS_INTDIR_A)\strings.obj - - XMLSEC_MSCRYPTO_OBJS = \ -+ $(XMLSEC_MSCRYPTO_INTDIR)\akmngr.obj\ - $(XMLSEC_MSCRYPTO_INTDIR)\app.obj\ - $(XMLSEC_MSCRYPTO_INTDIR)\crypto.obj \ - $(XMLSEC_MSCRYPTO_INTDIR)\ciphers.obj \ |