author | Aleksey Sanin <aleksey@src.gnome.org> | 2003-02-27 05:50:46 +0000 |
---|---|---|
committer | Aleksey Sanin <aleksey@src.gnome.org> | 2003-02-27 05:50:46 +0000 |
commit | e23afad6be2f4125b4c091cd3033917d96315fc9 (patch) | |
tree | ad6eb3f0ae5e92a3f7d6e8445c0b09f36e2afa39 | |
parent | 9e9ee8f46af54f74d68d1adcb53dbfc317c0aed1 (diff) | |
download | xmlsec1-e23afad6be2f4125b4c091cd3033917d96315fc9.tar.gz xmlsec1-e23afad6be2f4125b4c091cd3033917d96315fc9.tar.bz2 xmlsec1-e23afad6be2f4125b4c091cd3033917d96315fc9.zip |
first nss checkin!
-rw-r--r-- | apps/Makefile.am | 1 | ||||
-rw-r--r-- | apps/xmlsec.c | 2 | ||||
-rw-r--r-- | configure.in | 6 | ||||
-rw-r--r-- | include/xmlsec/nss/crypto.h | 18 | ||||
-rw-r--r-- | src/nss/Makefile.am | 2 | ||||
-rw-r--r-- | src/nss/app.c | 12 | ||||
-rw-r--r-- | src/nss/crypto.c | 14 | ||||
-rw-r--r-- | src/nss/hmac.c | 252 | ||||
-rw-r--r-- | src/nss/todo.c | 10 | ||||
-rw-r--r-- | src/openssl/evp.c | 3 | ||||
-rw-r--r-- | src/transforms.c | 2 |
11 files changed, 304 insertions, 18 deletions
diff --git a/apps/Makefile.am b/apps/Makefile.am index 2ce993e8..89b7b3a5 100644 --- a/apps/Makefile.am +++ b/apps/Makefile.am @@ -35,6 +35,7 @@ endif endif INCLUDES = \ + -DXMLSEC_CRYPTO=\"$(XMLSEC_CRYPTO)\" \ -I$(top_srcdir)/include \ $(XMLSEC_CRYPTO_INCLUDES) \ $(LIBXSLT_CFLAGS) \ diff --git a/apps/xmlsec.c b/apps/xmlsec.c index 1604a6b5..1746fe43 100644 --- a/apps/xmlsec.c +++ b/apps/xmlsec.c @@ -536,7 +536,7 @@ void printUsage(const char *command) { } void printVersion(void) { - fprintf(stdout, "xmlsec %s\n", XMLSEC_VERSION); + fprintf(stdout, "xmlsec %s (crytpo=%s)\n", XMLSEC_VERSION, XMLSEC_CRYPTO); fprintf(stderr, "\n"); fprintf(stderr, "%s\n", bugs); fprintf(stderr, "%s\n", copyright); diff --git a/configure.in b/configure.in index 213528ff..98fec16f 100644 --- a/configure.in +++ b/configure.in @@ -274,7 +274,7 @@ if test "$with_nss" = "no" ; then else if test "$with_nss" != "" ; then NSS_PREFIX=$with_nss - NSS_CFLAGS="-I$NSS_PREFIX/include" + NSS_CFLAGS="-I$NSS_PREFIX/include -I$NSS_PREFIX/include/nss -I$NSS_PREFIX/include/nspr" NSS_LIBS="-L$NSS_PREFIX/lib $NSS_LIBS_LIST" NSS_LDADDS="-L$NSS_PREFIX/lib $NSS_LIBS_LIST" NSS_INCLUDES_FOUND="yes" @@ -286,9 +286,9 @@ else if test -f $dir/nss/nss.h; then dnl do not add -I/usr/include because compiler does it anyway if test "$dir" = "/usr/include" ; then - NSS_CFLAGS="" + NSS_CFLAGS="-I$dir/nss -I$dir/nspr" else - NSS_CFLAGS="-I$dir" + NSS_CFLAGS="-I$dir -I$dir/nss -I$dir/nspr" fi NSS_INCLUDES_FOUND="yes" break diff --git a/include/xmlsec/nss/crypto.h b/include/xmlsec/nss/crypto.h index de5bb92a..1d947e5e 100644 --- a/include/xmlsec/nss/crypto.h +++ b/include/xmlsec/nss/crypto.h 
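Review bot: The new banner line in printVersion (apps/xmlsec.c hunk) misspells its label: `fprintf(stdout, "xmlsec %s (crytpo=%s)\n", XMLSEC_VERSION, XMLSEC_CRYPTO);` should read `fprintf(stdout, "xmlsec %s (crypto=%s)\n", XMLSEC_VERSION, XMLSEC_CRYPTO);`. XMLSEC_CRYPTO is only introduced through the `-DXMLSEC_CRYPTO=\"$(XMLSEC_CRYPTO)\"` flag added to apps/Makefile.am in this commit, so unless it is defined somewhere not shown here, compiling xmlsec.c outside that Makefile fails on an undeclared identifier; a guard such as `#ifndef XMLSEC_CRYPTO` / `#define XMLSEC_CRYPTO "unknown"` / `#endif` near the top of the file would keep the build self-contained.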
@@ -23,6 +23,24 @@ XMLSEC_EXPORT int xmlSecNssInit (void); XMLSEC_EXPORT int xmlSecNssShutdown (void); XMLSEC_EXPORT int xmlSecNssGenerateRandom (xmlSecBufferPtr buffer, size_t sizeBytes); + + +/******************************************************************** + * + * SHA1 transform + * + *******************************************************************/ +#ifndef XMLSEC_NO_SHA1 +/** + * xmlSecNssTransformSha1Id: + * + * The SHA1 digest transform id. + */ +#define xmlSecNssTransformSha1Id \ + xmlSecNssTransformSha1GetKlass() +XMLSEC_EXPORT xmlSecTransformId xmlSecNssTransformSha1GetKlass (void); +#endif /* XMLSEC_NO_SHA1 */ + #ifdef __cplusplus } #endif /* __cplusplus */ diff --git a/src/nss/Makefile.am b/src/nss/Makefile.am index 47089a16..bab20a8e 100644 --- a/src/nss/Makefile.am +++ b/src/nss/Makefile.am @@ -15,6 +15,8 @@ lib_LTLIBRARIES = libxmlsec-nss.la libxmlsec_nss_la_SOURCES =\ app.c \ crypto.c \ +digests.c \ +hmac.c \ $(NULL) libxmlsec_nss_la_LIBADD = \ diff --git a/src/nss/app.c b/src/nss/app.c index b4782342..67419863 100644 --- a/src/nss/app.c +++ b/src/nss/app.c @@ -9,6 +9,9 @@ #include <string.h> +#include <nspr/nspr.h> +#include <nss/nss.h> + #include <xmlsec/xmlsec.h> #include <xmlsec/keys.h> #include <xmlsec/transforms.h> @@ -29,7 +32,13 @@ */ int xmlSecNssAppInit(void) { - + if(NSS_NoDB_Init(NULL) != SECSuccess) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "NSS_NoDB_Init", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + "%d", PR_GetError()); + } return(0); } @@ -44,6 +53,7 @@ xmlSecNssAppInit(void) { */ int xmlSecNssAppShutdown(void) { + NSS_Shutdown(); return(0); } diff --git a/src/nss/crypto.c b/src/nss/crypto.c index cfd2bde8..a45de246 100644 --- a/src/nss/crypto.c +++ b/src/nss/crypto.c @@ -9,6 +9,10 @@ #include <string.h> +#include <nss/nss.h> +#include <nspr/prinit.h> + + #include <xmlsec/xmlsec.h> #include <xmlsec/keys.h> #include <xmlsec/transforms.h> 
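Review bot: src/nss/Makefile.am now lists `digests.c` in libxmlsec_nss_la_SOURCES, but no such file is part of this commit (the diffstat names only app.c, crypto.c, hmac.c and todo.c under src/nss), so the library will not build until it is added. The same gap appears to explain why `xmlSecNssTransformSha1GetKlass`, declared in the include/xmlsec/nss/crypto.h hunk and registered in the src/nss/crypto.c `xmlSecNssTransformsInit` hunk, has no definition anywhere in the commit — hmac.c contains only static helpers and no transform klass, so linking the SHA1 registration should fail. Either add digests.c with the klass to the commit, or leave the Makefile line and the SHA1 registration out until it exists.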
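Review bot: xmlSecNssAppInit reports a failed `NSS_NoDB_Init(NULL)` through xmlSecError but then falls through to `return(0);`, so callers continue as if NSS were usable and every later PK11 call fails with a less specific error. Add `return(-1);` after the xmlSecError call inside the `if` so the failure is propagated to the application. The following hunk has the same shape in xmlSecNssAppShutdown: `NSS_Shutdown();` discards its SECStatus, and NSS_Shutdown reports failure when NSS objects are still referenced, so checking it against SECSuccess, logging with xmlSecError and returning -1 would surface leaked contexts instead of hiding them.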
@@ -82,6 +86,16 @@ xmlSecNssKeysInit(void) { static int xmlSecNssTransformsInit(void) { +#ifndef XMLSEC_NO_SHA1 + if(xmlSecTransformRegister(xmlSecNssTransformSha1Id) < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssTransformSha1Id)), + "xmlSecTransformRegister", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } +#endif /* XMLSEC_NO_SHA1 */ return(0); } diff --git a/src/nss/hmac.c b/src/nss/hmac.c new file mode 100644 index 00000000..9f845980 --- /dev/null +++ b/src/nss/hmac.c 
@@ -0,0 +1,252 @@ +/** + * XMLSec library + * + * See Copyright for the status of this software. + * + * Author: Aleksey Sanin <aleksey@aleksey.com> + */ +#include "globals.h" + +#include <string.h> + +#include <nspr/nspr.h> +#include <nss/nss.h> +#include <nss/secoid.h> +#include <nss/pk11func.h> + +#include <xmlsec/xmlsec.h> +#include <xmlsec/keys.h> +#include <xmlsec/transforms.h> +#include <xmlsec/transformsInternal.h> +#include <xmlsec/errors.h> + +#include <xmlsec/nss/app.h> +#include <xmlsec/nss/crypto.h> + +#define XMLSEC_NSS_MAX_HMAC_SIZE 128 + + +/****************************************************************************** + * + * HMAC transforms + * + * reserved0-->digestOid (SECOidData*) + * reserved1-->digestCtx (PK11Context*) + * + *****************************************************************************/ +#define xmlSecNssHmacGetOid(transform) \ + ((SECOidData*)((transform)->reserved0)) +#define xmlSecNssHmacGetCtx(transform) \ + ((PK11Context*)((transform)->reserved1)) + +static int xmlSecNssHmacInitialize (xmlSecTransformPtr transform, + SECOidTag digestTag); +static void xmlSecNssHmacFinalize (xmlSecTransformPtr transform); +static int xmlSecNssHmacVerify (xmlSecTransformPtr transform, + const unsigned char* data, + size_t dataSize, + xmlSecTransformCtxPtr transformCtx); +static int xmlSecNssHmacExecute (xmlSecTransformPtr transform, + int last, + xmlSecTransformCtxPtr transformCtx); + +static int +xmlSecNssHmacInitialize(xmlSecTransformPtr transform, SECOidTag digestTag) { + xmlSecAssert2(xmlSecTransformIsValid(transform), -1); + + transform->reserved0 = SECOID_FindOIDByTag(digestTag); + if(xmlSecNssHmacGetOid(transform) == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "xmlSecNssHmacGetOid", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + "tag=%d", digestTag); + return(-1); + } + transform->reserved1 = NULL; + return(0); +} + +static void +xmlSecNssHmacFinalize(xmlSecTransformPtr transform) { + 
xmlSecAssert(xmlSecTransformIsValid(transform)); + + if(xmlSecNssHmacGetCtx(transform) != NULL) { + PK11_DestroyContext(xmlSecNssHmacGetCtx(transform), PR_TRUE); + } + transform->reserved0 = transform->reserved1 = NULL; +} + +static int +xmlSecNssHmacVerify(xmlSecTransformPtr transform, + const unsigned char* data, size_t dataSize, + xmlSecTransformCtxPtr transformCtx) { + PK11Context* ctx; + unsigned char dgst[XMLSEC_NSS_MAX_HMAC_SIZE]; + size_t dgstSize = 0; + SECStatus rv; + + xmlSecAssert2(xmlSecTransformIsValid(transform), -1); + xmlSecAssert2(transform->encode == 0, -1); + xmlSecAssert2(transform->status == xmlSecTransformStatusFinished, -1); + xmlSecAssert2(data != NULL, -1); + xmlSecAssert2(transformCtx != NULL, -1); + + ctx = xmlSecNssHmacGetCtx(transform); + xmlSecAssert2(ctx != NULL, -1); + + rv = PK11_DigestFinal(ctx, dgst, &dgstSize, sizeof(dgst)); + if(rv != SECSuccess) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "PK11_DigestFinal", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + xmlSecAssert2(dgstSize > 0, -1); + + if(dataSize != dgstSize) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + NULL, + XMLSEC_ERRORS_R_INVALID_DATA, + "data and digest sizes are different (data=%d, dgst=%d)", + dataSize, dgstSize); + transform->status = xmlSecTransformStatusFail; + return(0); + } + + if(memcmp(dgst, data, dgstSize) != 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + NULL, + XMLSEC_ERRORS_R_INVALID_DATA, + "data and digest do not match"); + transform->status = xmlSecTransformStatusFail; + return(0); + } + + transform->status = xmlSecTransformStatusOk; + return(0); +} + +static int +xmlSecNssHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { + SECOidData* oid; + PK11Context* ctx; + xmlSecBufferPtr in, out; + SECStatus rv; + int ret; + 
+ xmlSecAssert2(xmlSecTransformIsValid(transform), -1); + xmlSecAssert2(xmlSecNssHmacGetOid(transform) != NULL, -1); + xmlSecAssert2(transformCtx != NULL, -1); + + in = &(transform->inBuf); + out = &(transform->outBuf); + + + oid = xmlSecNssHmacGetOid(transform); + xmlSecAssert2(oid != NULL, -1); + + if(transform->status == xmlSecTransformStatusNone) { + ctx = xmlSecNssHmacGetCtx(transform); + xmlSecAssert2(ctx == NULL, -1); + + ctx = transform->reserved1 = PK11_CreateDigestContext(xmlSecNssHmacGetOid(transform)->offset); + if(xmlSecNssHmacGetCtx(transform) == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "PK11_CreateDigestContext", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + rv = PK11_DigestBegin(ctx); + if(rv != SECSuccess) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "PK11_DigestBegin", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + transform->status = xmlSecTransformStatusWorking; + } + + if(transform->status == xmlSecTransformStatusWorking) { + size_t inSize; + + ctx = xmlSecNssHmacGetCtx(transform); + xmlSecAssert2(ctx != NULL, -1); + + inSize = xmlSecBufferGetSize(in); + if(inSize > 0) { + rv = PK11_DigestOp(ctx, xmlSecBufferGetData(in), inSize); + if (rv != SECSuccess) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "PK11_DigestOp", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + ret = xmlSecBufferRemoveHead(in, inSize); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "xmlSecBufferRemoveHead", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "%d", inSize); + return(-1); + } + } + if(last) { + if(transform->encode) { + unsigned char dgst[XMLSEC_NSS_MAX_HMAC_SIZE]; + size_t dgstSize; + + rv = PK11_DigestFinal(ctx, dgst, &dgstSize, 
sizeof(dgst)); + if(rv != SECSuccess) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "PK11_DigestFinal", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + xmlSecAssert2(dgstSize > 0, -1); + + ret = xmlSecBufferAppend(out, dgst, dgstSize); + if(ret < 0) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + "xmlSecBufferAppend", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "%d", dgstSize); + return(-1); + } + } + transform->status = xmlSecTransformStatusFinished; + } + } else if(transform->status == xmlSecTransformStatusFinished) { + /* the only way we can get here is if there is no input */ + xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1); + } else { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + NULL, + XMLSEC_ERRORS_R_INVALID_STATUS, + "%d", transform->status); + return(-1); + } + + return(0); +} + + + + diff --git a/src/nss/todo.c b/src/nss/todo.c index bfcdea0f..5fd5bf4b 100644 --- a/src/nss/todo.c +++ b/src/nss/todo.c @@ -156,16 +156,6 @@ xmlSecNssKeysInit(void) { static int xmlSecNssTransformsInit(void) { -#ifndef XMLSEC_NO_SHA1 - if(xmlSecTransformRegister(xmlSecNssTransformSha1Id) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssTransformSha1Id)), - "xmlSecTransformRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } -#endif /* XMLSEC_NO_SHA1 */ #ifndef XMLSEC_NO_RIPEMD160 if(xmlSecTransformRegister(xmlSecNssTransformRipemd160Id) < 0) { diff --git a/src/openssl/evp.c b/src/openssl/evp.c index 50ed80e9..95e422b0 100644 --- a/src/openssl/evp.c +++ b/src/openssl/evp.c 
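Review bot: `size_t dgstSize;` in the `last`/`transform->encode` branch of xmlSecNssHmacExecute is uninitialized and its address is passed to `PK11_DigestFinal`, whose output-length parameter is declared `unsigned int *` in NSS's pk11func.h; on an LP64 build only the low 32 bits are written, the high bits keep stack garbage, and that value then becomes the byte count given to `xmlSecBufferAppend(out, dgst, dgstSize)` for a 128-byte stack array. Declare the length with NSS's own type in both this function and xmlSecNssHmacVerify, `unsigned int dgstSize = 0;`, and let it widen at the call sites. The comparison in xmlSecNssHmacVerify uses `memcmp(dgst, data, dgstSize)`, which is not constant-time and should become a fixed-time comparison before this code is used for a keyed MAC; as written, with the key-less PK11_CreateDigestContext path, these functions are plain digest transforms and the file name and the "HMAC transforms" comment are misleading. Note also that every function in the file is static and none is referenced by a transform klass, so as committed the file is dead code that will draw unused-function warnings.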
@@ -732,9 +732,6 @@ xmlSecOpenSSLEvpDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTran return(0); } - - - /****************************************************************************** * * EVP Signature transforms diff --git a/src/transforms.c b/src/transforms.c index 0f82dc7a..8ea81446 100644 --- a/src/transforms.c +++ b/src/transforms.c @@ -56,7 +56,9 @@ #include <xmlsec/base64.h> #include <xmlsec/errors.h> +/* #define XMLSEC_BUFFER_DEBUG 1 +*/ /************************************************************************** * |