authorAleksey Sanin <aleksey@src.gnome.org>2003-03-02 08:54:14 +0000
committerAleksey Sanin <aleksey@src.gnome.org>2003-03-02 08:54:14 +0000
commiteea7c9526386852d6c5b1a7a45fcfedb383877ef (patch)
treee074c927c9b13be0db85facf5f72b3e16354a9ce
parent7201e9370e499756a32206428b3a9a8c25561d18 (diff)
separated key requirements klass
-rw-r--r--apps/crypto.c2
-rw-r--r--include/xmlsec/keyinfo.h6
-rw-r--r--include/xmlsec/keys.h9
-rw-r--r--include/xmlsec/transforms.h4
-rw-r--r--src/keyinfo.c15
-rw-r--r--src/keys.c41
-rw-r--r--src/keysdata.c44
-rw-r--r--src/keysmngr.c14
-rw-r--r--src/nss/hmac.c14
-rw-r--r--src/openssl/ciphers.c15
-rw-r--r--src/openssl/evp.c8
-rw-r--r--src/openssl/hmac.c15
-rw-r--r--src/openssl/kt_rsa.c33
-rw-r--r--src/openssl/kw_aes.c15
-rw-r--r--src/openssl/kw_des.c15
-rw-r--r--src/openssl/signatures.c17
-rw-r--r--src/openssl/x509.c11
-rw-r--r--src/transforms.c12
-rw-r--r--src/xmldsig.c4
-rw-r--r--src/xmlenc.c4
-rw-r--r--tests/keys.xml44
21 files changed, 186 insertions, 156 deletions
diff --git a/apps/crypto.c b/apps/crypto.c
index a2d67f59..719ce0bf 100644
--- a/apps/crypto.c
+++ b/apps/crypto.c
@@ -335,7 +335,7 @@ xmlSecAppCryptoSimpleKeysMngrBinaryKeyLoad(xmlSecKeysMngrPtr mngr, const char* k
}
memset(&keyInfoCtx, 0, sizeof(keyInfoCtx));
- keyInfoCtx.keyType = xmlSecKeyDataTypeAny;
+ keyInfoCtx.keyReq.keyType = xmlSecKeyDataTypeAny;
ret = xmlSecKeyDataBinRead(dataId, key,
xmlSecBufferGetData(buffer),
xmlSecBufferGetSize(buffer),
diff --git a/include/xmlsec/keyinfo.h b/include/xmlsec/keyinfo.h
index 10e81ff7..2ee43a64 100644
--- a/include/xmlsec/keyinfo.h
+++ b/include/xmlsec/keyinfo.h
@@ -77,10 +77,8 @@ struct _xmlSecKeyInfoCtx {
xmlSecKeysMngrPtr keysMngr;
void *context;
- xmlSecKeyDataId keyId;
- xmlSecKeyDataType keyType;
- xmlSecKeyUsage keyUsage;
-
+ xmlSecKeyReq keyReq;
+
int base64LineSize;
int retrievalsLevel;
int encKeysLevel;
diff --git a/include/xmlsec/keys.h b/include/xmlsec/keys.h
index efd43900..26444dd6 100644
--- a/include/xmlsec/keys.h
+++ b/include/xmlsec/keys.h
@@ -56,8 +56,10 @@ XMLSEC_EXPORT int xmlSecKeyReqInitialize (xmlSecKeyReqPtr keyReq);
XMLSEC_EXPORT void xmlSecKeyReqFinalize (xmlSecKeyReqPtr keyReq);
XMLSEC_EXPORT int xmlSecKeyReqCopy (xmlSecKeyReqPtr dst,
xmlSecKeyReqPtr src);
-XMLSEC_EXPORT int xmlSecKeyReqValidate (xmlSecKeyReqPtr keyReq,
+XMLSEC_EXPORT int xmlSecKeyReqMatchKey (xmlSecKeyReqPtr keyReq,
xmlSecKeyPtr key);
+XMLSEC_EXPORT int xmlSecKeyReqMatchKeyValue (xmlSecKeyReqPtr keyReq,
+ xmlSecKeyDataPtr value);
/**
* xmlSecKeyInifiteRetrivals:
@@ -219,10 +221,9 @@ XMLSEC_EXPORT xmlSecKeyPtr xmlSecKeyGenerate (const xmlChar* type,
size_t sizeBits);
-XMLSEC_EXPORT int xmlSecKeyVerify (xmlSecKeyPtr key,
+XMLSEC_EXPORT int xmlSecKeyMatch (xmlSecKeyPtr key,
const xmlChar *name,
- xmlSecKeyDataId id,
- xmlSecKeyDataType type);
+ xmlSecKeyReqPtr keyReq);
/***********************************************************************
diff --git a/include/xmlsec/transforms.h b/include/xmlsec/transforms.h
index e07f2fd0..956d5a00 100644
--- a/include/xmlsec/transforms.h
+++ b/include/xmlsec/transforms.h
@@ -124,7 +124,7 @@ XMLSEC_EXPORT int xmlSecTransformRead (xmlSecTransformPtr transform,
XMLSEC_EXPORT int xmlSecTransformSetKey (xmlSecTransformPtr transform,
xmlSecKeyPtr key);
XMLSEC_EXPORT int xmlSecTransformSetKeyReq(xmlSecTransformPtr transform,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
+ xmlSecKeyReqPtr keyReq);
XMLSEC_EXPORT int xmlSecTransformVerify (xmlSecTransformPtr transform,
const unsigned char* data,
size_t dataSize,
@@ -364,7 +364,7 @@ typedef int (*xmlSecTransformNodeReadMethod) (xmlSecTransformPtr transform,
*
*/
typedef int (*xmlSecTransformSetKeyRequirements) (xmlSecTransformPtr transform,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
+ xmlSecKeyReqPtr keyReq);
/**
* xmlSecTransformSetKeyMethod:
diff --git a/src/keyinfo.c b/src/keyinfo.c
index deae6b8e..04c3f168 100644
--- a/src/keyinfo.c
+++ b/src/keyinfo.c
@@ -923,7 +923,7 @@ xmlSecKeyDataEncryptedKeyXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePt
goto done;
}
- ret = xmlSecKeyDataBinRead(keyInfoCtx->keyId, key,
+ ret = xmlSecKeyDataBinRead(keyInfoCtx->keyReq.keyId, key,
xmlSecBufferGetData(encResult->buffer),
xmlSecBufferGetSize(encResult->buffer),
keyInfoCtx);
@@ -951,7 +951,7 @@ done:
static int
xmlSecKeyDataEncryptedKeyXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecEncCtxPtr encCtx = NULL;
- xmlSecKeyDataType type;
+ xmlSecKeyReq keyReq;
unsigned char *keyBuf = NULL;
size_t keySize = 0;
int ret;
@@ -972,9 +972,11 @@ xmlSecKeyDataEncryptedKeyXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodeP
}
/* dump key to a binary buffer */
- /* TODO: parameter for enc key type? */
- type = keyInfoCtx->keyType;
- keyInfoCtx->keyType = xmlSecKeyDataTypeAny;
+
+ /* remeber key parameters we have */
+ xmlSecKeyReqCopy(&keyReq, &(keyInfoCtx->keyReq));
+ xmlSecKeyReqInitialize(&(keyInfoCtx->keyReq));
+ keyInfoCtx->keyReq.keyType = xmlSecKeyDataTypeAny;
ret = xmlSecKeyDataBinWrite(key->value->id, key, &keyBuf, &keySize, keyInfoCtx);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
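Review bot: The int results of `xmlSecKeyReqCopy` and `xmlSecKeyReqInitialize` (both declared in include/xmlsec/keys.h) are discarded in the lines added before the xmlSecKeyDataBinWrite call. If the copy fails, the local `keyReq` declared in the -951 hunk is never filled, and the later restore copies indeterminate data back into `keyInfoCtx->keyReq`. Both calls should be checked before the context is modified, e.g. `if(xmlSecKeyReqCopy(&keyReq, &(keyInfoCtx->keyReq)) < 0) goto done;` preceded by the usual xmlSecError report. The comment typo "remeber" can be fixed at the same time. The function body starts and ends outside the hunk.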
@@ -984,7 +986,8 @@ xmlSecKeyDataEncryptedKeyXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodeP
XMLSEC_ERRORS_NO_MESSAGE);
goto done;
}
- keyInfoCtx->keyType = type;
+ /* restore key requirements */
+ xmlSecKeyReqCopy(&(keyInfoCtx->keyReq), &keyReq);
/**
* Init Enc context
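Review bot: The restore of `keyInfoCtx->keyReq` sits after the error block, so the `goto done` failure path leaves the caller's context with the relaxed requirements (`keyType = xmlSecKeyDataTypeAny` on a freshly initialized request) unless the code at `done:`, which is outside the hunk, puts them back. A caller that reuses the context after a failed write would then match keys against weaker requirements than it asked for. Moving `xmlSecKeyReqCopy(&(keyInfoCtx->keyReq), &keyReq);` to directly after the xmlSecKeyDataBinWrite call, before `ret` is tested, restores them on both paths.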
diff --git a/src/keys.c b/src/keys.c
index d4b25f3b..e6a54076 100644
--- a/src/keys.c
+++ b/src/keys.c
@@ -54,20 +54,28 @@ xmlSecKeyReqCopy(xmlSecKeyReqPtr dst, xmlSecKeyReqPtr src) {
}
int
-xmlSecKeyReqValidate(xmlSecKeyReqPtr keyReq, xmlSecKeyPtr key) {
- xmlSecKeyDataPtr value;
-
+xmlSecKeyReqMatchKey(xmlSecKeyReqPtr keyReq, xmlSecKeyPtr key) {
xmlSecAssert2(keyReq != NULL, -1);
xmlSecAssert2(xmlSecKeyIsValid(key), -1);
-
- value = xmlSecKeyGetValue(key);
- if(!xmlSecKeyDataCheckId(value, keyReq->keyId)) {
- return(0);
- }
+
if((xmlSecKeyGetType(key) & keyReq->keyType) == 0) {
return(0);
}
/* todo: key usage! */
+
+ return(xmlSecKeyReqMatchKeyValue(keyReq, xmlSecKeyGetValue(key)));
+}
+
+int
+xmlSecKeyReqMatchKeyValue(xmlSecKeyReqPtr keyReq, xmlSecKeyDataPtr value) {
+ xmlSecAssert2(keyReq != NULL, -1);
+ xmlSecAssert2(value != NULL, -1);
+
+ if((keyReq->keyId != xmlSecKeyDataIdUnknown) &&
+ (!xmlSecKeyDataCheckId(value, keyReq->keyId))) {
+
+ return(0);
+ }
return(1);
}
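Review bot: The two exported functions added here, xmlSecKeyReqMatchKey and xmlSecKeyReqMatchKeyValue, have no header comment, and their three-way result is easy to misuse. Each needs a gtk-doc block in the style used for xmlSecKeyMatch further down, stating that it returns 1 on a match, 0 on a mismatch and -1 when an argument fails the asserts, so callers must compare with `== 1` rather than test for non-zero. The block for xmlSecKeyReqMatchKey should also say that `keyReq->keyUsage` is not compared yet (the `/* todo: key usage! */` line), although every SetKeyReq callback touched by this commit fills it in. The block for xmlSecKeyReqMatchKeyValue should say that only the klass id is compared and that xmlSecKeyDataIdUnknown matches any value.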
@@ -220,11 +228,9 @@ xmlSecKeyDuplicate(xmlSecKeyPtr key) {
}
/**
- * xmlSecKeyVerify:
+ * xmlSecKeyMatch:
* @key: the pointer to the #xmlSecKey structure.
* @name: the pointer to key name (may be NULL).
- * @id: the key id (may be "any").
- * @type: the key type to write (public/private).
*
* Checks whether the @key matches the given criteria
* (key name is equal to @name, key id is equal to @id,
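Review bot: The header comment for xmlSecKeyMatch still describes the old parameters: `@id` and `@type` are removed but no `@keyReq` line is added, and the description still reads "key id is equal to @id". Add `* @keyReq: the pointer to key requirements.` and reword the description to refer to @keyReq. The Returns line in the next hunk should also mention that a negative value is passed through from xmlSecKeyReqMatchKey when one of its asserts fails.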
@@ -233,19 +239,14 @@ xmlSecKeyDuplicate(xmlSecKeyPtr key) {
* Returns 1 if the key satisfies the given criteria or 0 otherwise.
*/
int
-xmlSecKeyVerify(xmlSecKeyPtr key, const xmlChar *name, xmlSecKeyDataId id, xmlSecKeyDataType keyType) {
+xmlSecKeyMatch(xmlSecKeyPtr key, const xmlChar *name, xmlSecKeyReqPtr keyReq) {
xmlSecAssert2(xmlSecKeyIsValid(key), -1);
-
- if((id != xmlSecKeyDataIdUnknown) && (id != key->value->id)) {
- return(0);
- }
- if((xmlSecKeyGetType(key) & keyType) == 0) {
- return(0);
- }
+ xmlSecAssert2(keyReq != NULL, -1);
+
if((name != NULL) && (!xmlStrEqual(xmlSecKeyGetName(key), name))) {
return(0);
}
- return(1);
+ return(xmlSecKeyReqMatchKey(keyReq, key));
}
xmlSecKeyDataType
diff --git a/src/keysdata.c b/src/keysdata.c
index 4e2e38c3..04bba753 100644
--- a/src/keysdata.c
+++ b/src/keysdata.c
@@ -649,7 +649,12 @@ xmlSecKeyDataBinaryValueXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr
}
xmlFree(str);
- if((xmlSecKeyDataGetType(data) & keyInfoCtx->keyType) == 0) {
+ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyReqMatchKeyValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
xmlSecKeyDataDestroy(data);
return(0);
}
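Review bot: The key-type filter is lost at this call: the removed condition tested `xmlSecKeyDataGetType(data) & keyInfoCtx->keyType`, while xmlSecKeyReqMatchKeyValue, as added in src/keys.c by this commit, compares only `keyReq->keyId`. The same substitution is made in the hunks at -671, -775 and -796 of this file, so on the write side a binary key value is now emitted whenever the klass id matches or is unknown, regardless of the requested public/private/symmetric type. src/xmldsig.c and src/xmlenc.c set `keyReq.keyType` to xmlSecKeyDataTypePublic before xmlSecKeyInfoNodeWrite. Whether that path reaches these writers is not visible in the diff, but if it does, a symmetric key value is no longer filtered out of the written KeyInfo. Keeping the old test next to the new one preserves the filter: `if(((xmlSecKeyDataGetType(data) & keyInfoCtx->keyReq.keyType) == 0) || (xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1)) {`. The function body starts and ends outside the hunk.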
@@ -671,21 +676,27 @@ xmlSecKeyDataBinaryValueXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr
int
xmlSecKeyDataBinaryValueXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecBufferPtr buffer;
+ xmlSecKeyDataPtr value;
xmlChar* str;
xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
xmlSecAssert2(key != NULL, -1);
- xmlSecAssert2(key->value != NULL, -1);
- xmlSecAssert2(key->value->id == id, -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(keyInfoCtx != NULL, -1);
- if((xmlSecKeyDataGetType(key->value) & keyInfoCtx->keyType) == 0) {
- /* we can have only private key */
+ value = xmlSecKeyGetValue(key);
+ xmlSecAssert2(xmlSecKeyDataIsValid(value), -1);
+
+ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), value) != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyReqMatchKeyValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(0);
}
- buffer = xmlSecKeyDataBinaryValueGetBuffer(key->value);
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(value);
xmlSecAssert2(buffer != NULL, -1);
str = xmlSecBase64Encode(xmlSecBufferGetData(buffer),
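Review bot: Nothing in the new code ties `value` to the klass `id` any more: the removed `xmlSecAssert2(key->value->id == id, -1)` is replaced by `xmlSecKeyDataIsValid(value)`, and xmlSecKeyReqMatchKeyValue accepts any value when `keyReq.keyId` is xmlSecKeyDataIdUnknown (as xmlSecSimpleKeysStoreSave sets it in this commit). `xmlSecKeyDataBinaryValueGetBuffer(value)` is then called on a value that may belong to a different klass; whether it checks that itself is not visible here. I would keep the check as `xmlSecAssert2(xmlSecKeyDataCheckId(value, id), -1);` right after the `xmlSecKeyGetValue` call, here and in the xmlSecKeyDataBinaryValueBinWrite hunk at -796. The function continues past the end of the hunk.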
@@ -775,7 +786,12 @@ xmlSecKeyDataBinaryValueBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key, const unsi
return(-1);
}
- if((xmlSecKeyDataGetType(data) & keyInfoCtx->keyType) == 0) {
+ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyReqMatchKeyValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
xmlSecKeyDataDestroy(data);
return(0);
}
@@ -796,18 +812,24 @@ xmlSecKeyDataBinaryValueBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key, const unsi
int
xmlSecKeyDataBinaryValueBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, unsigned char** buf, size_t* bufSize, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecKeyDataPtr value;
xmlSecBufferPtr buffer;
xmlSecAssert2(id != xmlSecKeyDataIdUnknown, -1);
xmlSecAssert2(key != NULL, -1);
- xmlSecAssert2(key->value != NULL, -1);
- xmlSecAssert2(key->value->id == id, -1);
xmlSecAssert2(buf != NULL, -1);
xmlSecAssert2(bufSize != NULL, -1);
xmlSecAssert2(keyInfoCtx != NULL, -1);
- if((xmlSecKeyDataGetType(key->value) & keyInfoCtx->keyType) == 0) {
- /* we can have only private key */
+ value = xmlSecKeyGetValue(key);
+ xmlSecAssert2(xmlSecKeyDataIsValid(value), -1);
+
+ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), value) != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
+ "xmlSecKeyReqMatchKeyValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
return(0);
}
diff --git a/src/keysmngr.c b/src/keysmngr.c
index 490d6197..f9d796b4 100644
--- a/src/keysmngr.c
+++ b/src/keysmngr.c
@@ -306,7 +306,7 @@ xmlSecSimpleKeysStoreFindKey(xmlSecKeyDataStorePtr store, const xmlChar* name,
size = xmlSecPtrListGetSize(list);
for(pos = 0; pos < size; ++pos) {
key = (xmlSecKeyPtr)xmlSecPtrListGetItem(list, pos);
- if((key != NULL) && (xmlSecKeyVerify(key, name, keyInfoCtx->keyId, keyInfoCtx->keyType) == 1)) {
+ if((key != NULL) && (xmlSecKeyMatch(key, name, &(keyInfoCtx->keyReq)) == 1)) {
return(key);
}
}
@@ -347,9 +347,9 @@ xmlSecSimpleKeysStoreLoad(xmlSecKeyDataStorePtr store, const char *uri) {
}
memset(&keyInfoCtx, 0, sizeof(keyInfoCtx));
- keyInfoCtx.keyId = xmlSecKeyDataIdUnknown;
- keyInfoCtx.keyType = xmlSecKeyDataTypeAny;
- keyInfoCtx.keyUsage = xmlSecKeyDataUsageAny;
+ keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown;
+ keyInfoCtx.keyReq.keyType = xmlSecKeyDataTypeAny;
+ keyInfoCtx.keyReq.keyUsage = xmlSecKeyDataUsageAny;
keyInfoCtx.retrievalsLevel = 0;
keyInfoCtx.encKeysLevel = 1;
@@ -459,9 +459,9 @@ xmlSecSimpleKeysStoreSave(xmlSecKeyDataStorePtr store, const char *filename, xml
memset(&keyInfoCtx, 0, sizeof(keyInfoCtx));
- keyInfoCtx.keyId = xmlSecKeyDataIdUnknown;
- keyInfoCtx.keyType = type;
- keyInfoCtx.keyUsage = xmlSecKeyDataUsageAny;
+ keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown;
+ keyInfoCtx.keyReq.keyType = type;
+ keyInfoCtx.keyReq.keyUsage = xmlSecKeyDataUsageAny;
keyInfoCtx.retrievalsLevel = 0;
keyInfoCtx.encKeysLevel = 1;
diff --git a/src/nss/hmac.c b/src/nss/hmac.c
index 009302d9..1995a07f 100644
--- a/src/nss/hmac.c
+++ b/src/nss/hmac.c
@@ -61,7 +61,7 @@ static void xmlSecNssHmacFinalize (xmlSecTransformPtr transform);
static int xmlSecNssHmacReadNode (xmlSecTransformPtr transform,
xmlNodePtr transformNode);
static int xmlSecNssHmacSetKeyReq (xmlSecTransformPtr transform,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
+ xmlSecKeyReqPtr keyReq);
static int xmlSecNssHmacSetKey (xmlSecTransformPtr transform,
xmlSecKeyPtr key);
static int xmlSecNssHmacVerify (xmlSecTransformPtr transform,
@@ -176,22 +176,22 @@ xmlSecNssHmacReadNode(xmlSecTransformPtr transform, xmlNodePtr transformNode) {
static int
-xmlSecNssHmacSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+xmlSecNssHmacSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
xmlSecNssHmacCtxPtr ctx;
xmlSecAssert2(xmlSecNssHmacCheckId(transform), -1);
- xmlSecAssert2(keyInfoCtx != NULL, -1);
+ xmlSecAssert2(keyReq != NULL, -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssHmacSize), -1);
ctx = xmlSecNssHmacGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
- keyInfoCtx->keyId = xmlSecNssKeyDataHmacId;
- keyInfoCtx->keyType = xmlSecKeyDataTypeSymmetric;
+ keyReq->keyId = xmlSecNssKeyDataHmacId;
+ keyReq->keyType= xmlSecKeyDataTypeSymmetric;
if(transform->encode) {
- keyInfoCtx->keyUsage = xmlSecKeyUsageSign;
+ keyReq->keyUsage = xmlSecKeyUsageSign;
} else {
- keyInfoCtx->keyUsage = xmlSecKeyUsageVerify;
+ keyReq->keyUsage = xmlSecKeyUsageVerify;
}
return(0);
diff --git a/src/openssl/ciphers.c b/src/openssl/ciphers.c
index aaa9cb89..cf5703fd 100644
--- a/src/openssl/ciphers.c
+++ b/src/openssl/ciphers.c
@@ -14,7 +14,6 @@
#include <xmlsec/xmlsec.h>
#include <xmlsec/keys.h>
-#include <xmlsec/keyinfo.h>
#include <xmlsec/transforms.h>
#include <xmlsec/errors.h>
@@ -423,7 +422,7 @@ xmlSecOpenSSLEvpBlockCipherCtxFinal(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx,
static int xmlSecOpenSSLEvpBlockCipherInitialize (xmlSecTransformPtr transform);
static void xmlSecOpenSSLEvpBlockCipherFinalize (xmlSecTransformPtr transform);
static int xmlSecOpenSSLEvpBlockCipherSetKeyReq (xmlSecTransformPtr transform,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
+ xmlSecKeyReqPtr keyReq);
static int xmlSecOpenSSLEvpBlockCipherSetKey (xmlSecTransformPtr transform,
xmlSecKeyPtr key);
static int xmlSecOpenSSLEvpBlockCipherExecute (xmlSecTransformPtr transform,
@@ -517,23 +516,23 @@ xmlSecOpenSSLEvpBlockCipherFinalize(xmlSecTransformPtr transform) {
}
static int
-xmlSecOpenSSLEvpBlockCipherSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+xmlSecOpenSSLEvpBlockCipherSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
xmlSecOpenSSLEvpBlockCipherCtxPtr ctx;
xmlSecAssert2(xmlSecOpenSSLEvpBlockCipherCheckId(transform), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpBlockCipherSize), -1);
- xmlSecAssert2(keyInfoCtx != NULL, -1);
+ xmlSecAssert2(keyReq != NULL, -1);
ctx = xmlSecOpenSSLEvpBlockCipherGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->keyId != NULL, -1);
- keyInfoCtx->keyId = ctx->keyId;
- keyInfoCtx->keyType = xmlSecKeyDataTypeSymmetric;
+ keyReq->keyId = ctx->keyId;
+ keyReq->keyType = xmlSecKeyDataTypeSymmetric;
if(transform->encode) {
- keyInfoCtx->keyUsage = xmlSecKeyUsageEncrypt;
+ keyReq->keyUsage = xmlSecKeyUsageEncrypt;
} else {
- keyInfoCtx->keyUsage = xmlSecKeyUsageDecrypt;
+ keyReq->keyUsage = xmlSecKeyUsageDecrypt;
}
return(0);
diff --git a/src/openssl/evp.c b/src/openssl/evp.c
index 43576b78..c66551fb 100644
--- a/src/openssl/evp.c
+++ b/src/openssl/evp.c
@@ -662,7 +662,7 @@ xmlSecOpenSSLKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
dsa = xmlSecOpenSSLKeyDataDsaGetDsa(xmlSecKeyGetValue(key));
xmlSecAssert2(dsa != NULL, -1);
- if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyType) == 0) {
+ if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
/* we can have only private key or public key */
return(0);
}
@@ -731,7 +731,7 @@ xmlSecOpenSSLKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
}
/* next is X node: write it ONLY for private keys and ONLY if it is requested */
- if(((keyInfoCtx->keyType & xmlSecKeyDataTypePrivate) != 0) && (dsa->priv_key != NULL)) {
+ if(((keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate) != 0) && (dsa->priv_key != NULL)) {
cur = xmlSecAddChild(node, xmlSecNodeDSAX, xmlSecNs);
if(cur == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
@@ -1226,7 +1226,7 @@ xmlSecOpenSSLKeyDataRsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
rsa = xmlSecOpenSSLKeyDataRsaGetRsa(xmlSecKeyGetValue(key));
xmlSecAssert2(rsa != NULL, -1);
- if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyType) == 0) {
+ if(((xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate) & keyInfoCtx->keyReq.keyType) == 0) {
/* we can have only private key or public key */
return(0);
}
@@ -1272,7 +1272,7 @@ xmlSecOpenSSLKeyDataRsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
}
/* next is PrivateExponent node: write it ONLY for private keys and ONLY if it is requested */
- if(((keyInfoCtx->keyType & xmlSecKeyDataTypePrivate) != 0) && (rsa->d != NULL)) {
+ if(((keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate) != 0) && (rsa->d != NULL)) {
cur = xmlSecAddChild(node, xmlSecNodeRSAPrivateExponent, xmlSecNs);
if(cur == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
diff --git a/src/openssl/hmac.c b/src/openssl/hmac.c
index 700566a7..55e51f92 100644
--- a/src/openssl/hmac.c
+++ b/src/openssl/hmac.c
@@ -20,7 +20,6 @@
#include <xmlsec/xmlsec.h>
#include <xmlsec/xmltree.h>
#include <xmlsec/keys.h>
-#include <xmlsec/keyinfo.h>
#include <xmlsec/transforms.h>
#include <xmlsec/transformsInternal.h>
#include <xmlsec/errors.h>
@@ -59,7 +58,7 @@ static void xmlSecOpenSSLHmacFinalize (xmlSecTransformPtr transform);
static int xmlSecOpenSSLHmacReadNode (xmlSecTransformPtr transform,
xmlNodePtr transformNode);
static int xmlSecOpenSSLHmacSetKeyReq (xmlSecTransformPtr transform,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
+ xmlSecKeyReqPtr keyReq);
static int xmlSecOpenSSLHmacSetKey (xmlSecTransformPtr transform,
xmlSecKeyPtr key);
static int xmlSecOpenSSLHmacVerify (xmlSecTransformPtr transform,
@@ -182,17 +181,17 @@ xmlSecOpenSSLHmacReadNode(xmlSecTransformPtr transform, xmlNodePtr transformNode
static int
-xmlSecOpenSSLHmacSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+xmlSecOpenSSLHmacSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
xmlSecAssert2(xmlSecOpenSSLHmacCheckId(transform), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLHmacSize), -1);
- xmlSecAssert2(keyInfoCtx != NULL, -1);
+ xmlSecAssert2(keyReq != NULL, -1);
- keyInfoCtx->keyId = xmlSecOpenSSLKeyDataHmacId;
- keyInfoCtx->keyType = xmlSecKeyDataTypeSymmetric;
+ keyReq->keyId = xmlSecOpenSSLKeyDataHmacId;
+ keyReq->keyType = xmlSecKeyDataTypeSymmetric;
if(transform->encode) {
- keyInfoCtx->keyUsage = xmlSecKeyUsageSign;
+ keyReq->keyUsage = xmlSecKeyUsageSign;
} else {
- keyInfoCtx->keyUsage = xmlSecKeyUsageVerify;
+ keyReq->keyUsage = xmlSecKeyUsageVerify;
}
return(0);
diff --git a/src/openssl/kt_rsa.c b/src/openssl/kt_rsa.c
index 991a6bb7..52a4878f 100644
--- a/src/openssl/kt_rsa.c
+++ b/src/openssl/kt_rsa.c
@@ -26,7 +26,6 @@
#include <xmlsec/buffer.h>
#include <xmlsec/xmltree.h>
#include <xmlsec/keys.h>
-#include <xmlsec/keyinfo.h>
#include <xmlsec/transforms.h>
#include <xmlsec/transformsInternal.h>
#include <xmlsec/strings.h>
@@ -63,7 +62,7 @@ struct _xmlSecOpenSSLRsaPkcs1Ctx {
static int xmlSecOpenSSLRsaPkcs1Initialize (xmlSecTransformPtr transform);
static void xmlSecOpenSSLRsaPkcs1Finalize (xmlSecTransformPtr transform);
static int xmlSecOpenSSLRsaPkcs1SetKeyReq (xmlSecTransformPtr transform,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
+ xmlSecKeyReqPtr keyReq);
static int xmlSecOpenSSLRsaPkcs1SetKey (xmlSecTransformPtr transform,
xmlSecKeyPtr key);
static int xmlSecOpenSSLRsaPkcs1Execute (xmlSecTransformPtr transform,
@@ -134,23 +133,23 @@ xmlSecOpenSSLRsaPkcs1Finalize(xmlSecTransformPtr transform) {
}
static int
-xmlSecOpenSSLRsaPkcs1SetKeyReq(xmlSecTransformPtr transform, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+xmlSecOpenSSLRsaPkcs1SetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
xmlSecOpenSSLRsaPkcs1CtxPtr ctx;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaPkcs1Id), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLRsaPkcs1Size), -1);
- xmlSecAssert2(keyInfoCtx != NULL, -1);
+ xmlSecAssert2(keyReq != NULL, -1);
ctx = xmlSecOpenSSLRsaPkcs1GetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
- keyInfoCtx->keyId = xmlSecOpenSSLKeyDataRsaId;
+ keyReq->keyId = xmlSecOpenSSLKeyDataRsaId;
if(transform->encode) {
- keyInfoCtx->keyType = xmlSecKeyDataTypePublic;
- keyInfoCtx->keyUsage = xmlSecKeyUsageEncrypt;
+ keyReq->keyType = xmlSecKeyDataTypePublic;
+ keyReq->keyUsage = xmlSecKeyUsageEncrypt;
} else {
- keyInfoCtx->keyType = xmlSecKeyDataTypePrivate;
- keyInfoCtx->keyUsage = xmlSecKeyUsageDecrypt;
+ keyReq->keyType = xmlSecKeyDataTypePrivate;
+ keyReq->keyUsage = xmlSecKeyUsageDecrypt;
}
return(0);
}
@@ -373,7 +372,7 @@ static void xmlSecOpenSSLRsaOaepFinalize (xmlSecTransformPtr transform);
static int xmlSecOpenSSLRsaOaepReadNode (xmlSecTransformPtr transform,
xmlNodePtr node);
static int xmlSecOpenSSLRsaOaepSetKeyReq (xmlSecTransformPtr transform,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
+ xmlSecKeyReqPtr keyReq);
static int xmlSecOpenSSLRsaOaepSetKey (xmlSecTransformPtr transform,
xmlSecKeyPtr key);
static int xmlSecOpenSSLRsaOaepExecute (xmlSecTransformPtr transform,
@@ -527,23 +526,23 @@ xmlSecOpenSSLRsaOaepReadNode(xmlSecTransformPtr transform, xmlNodePtr node) {
}
static int
-xmlSecOpenSSLRsaOaepSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+xmlSecOpenSSLRsaOaepSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
xmlSecOpenSSLRsaOaepCtxPtr ctx;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaOaepId), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLRsaOaepSize), -1);
- xmlSecAssert2(keyInfoCtx != NULL, -1);
+ xmlSecAssert2(keyReq != NULL, -1);
ctx = xmlSecOpenSSLRsaOaepGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
- keyInfoCtx->keyId = xmlSecOpenSSLKeyDataRsaId;
+ keyReq->keyId = xmlSecOpenSSLKeyDataRsaId;
if(transform->encode) {
- keyInfoCtx->keyType = xmlSecKeyDataTypePublic;
- keyInfoCtx->keyUsage = xmlSecKeyUsageEncrypt;
+ keyReq->keyType = xmlSecKeyDataTypePublic;
+ keyReq->keyUsage = xmlSecKeyUsageEncrypt;
} else {
- keyInfoCtx->keyType = xmlSecKeyDataTypePrivate;
- keyInfoCtx->keyUsage = xmlSecKeyUsageDecrypt;
+ keyReq->keyType = xmlSecKeyDataTypePrivate;
+ keyReq->keyUsage = xmlSecKeyUsageDecrypt;
}
return(0);
diff --git a/src/openssl/kw_aes.c b/src/openssl/kw_aes.c
index 697d76fa..564bc5a4 100644
--- a/src/openssl/kw_aes.c
+++ b/src/openssl/kw_aes.c
@@ -22,7 +22,6 @@
#include <xmlsec/xmlsec.h>
#include <xmlsec/xmltree.h>
#include <xmlsec/keys.h>
-#include <xmlsec/keyinfo.h>
#include <xmlsec/transforms.h>
#include <xmlsec/transformsInternal.h>
#include <xmlsec/errors.h>
@@ -51,7 +50,7 @@
static int xmlSecOpenSSLKWAesInitialize (xmlSecTransformPtr transform);
static void xmlSecOpenSSLKWAesFinalize (xmlSecTransformPtr transform);
static int xmlSecOpenSSLKWAesSetKeyReq (xmlSecTransformPtr transform,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
+ xmlSecKeyReqPtr keyReq);
static int xmlSecOpenSSLKWAesSetKey (xmlSecTransformPtr transform,
xmlSecKeyPtr key);
static int xmlSecOpenSSLKWAesExecute (xmlSecTransformPtr transform,
@@ -202,17 +201,17 @@ xmlSecOpenSSLKWAesFinalize(xmlSecTransformPtr transform) {
}
static int
-xmlSecOpenSSLKWAesSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+xmlSecOpenSSLKWAesSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
xmlSecAssert2(xmlSecOpenSSLKWAesCheckId(transform), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLKWAesSize), -1);
- xmlSecAssert2(keyInfoCtx != NULL, -1);
+ xmlSecAssert2(keyReq != NULL, -1);
- keyInfoCtx->keyId = xmlSecOpenSSLKeyDataAesId;
- keyInfoCtx->keyType = xmlSecKeyDataTypeSymmetric;
+ keyReq->keyId = xmlSecOpenSSLKeyDataAesId;
+ keyReq->keyType = xmlSecKeyDataTypeSymmetric;
if(transform->encode) {
- keyInfoCtx->keyUsage = xmlSecKeyUsageEncrypt;
+ keyReq->keyUsage = xmlSecKeyUsageEncrypt;
} else {
- keyInfoCtx->keyUsage = xmlSecKeyUsageDecrypt;
+ keyReq->keyUsage = xmlSecKeyUsageDecrypt;
}
return(0);
diff --git a/src/openssl/kw_des.c b/src/openssl/kw_des.c
index 0d45fcc5..442d8f33 100644
--- a/src/openssl/kw_des.c
+++ b/src/openssl/kw_des.c
@@ -21,7 +21,6 @@
#include <xmlsec/xmlsec.h>
#include <xmlsec/xmltree.h>
#include <xmlsec/keys.h>
-#include <xmlsec/keyinfo.h>
#include <xmlsec/transforms.h>
#include <xmlsec/transformsInternal.h>
#include <xmlsec/errors.h>
@@ -47,7 +46,7 @@
static int xmlSecOpenSSLKWDes3Initialize (xmlSecTransformPtr transform);
static void xmlSecOpenSSLKWDes3Finalize (xmlSecTransformPtr transform);
static int xmlSecOpenSSLKWDes3SetKeyReq (xmlSecTransformPtr transform,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
+ xmlSecKeyReqPtr keyReq);
static int xmlSecOpenSSLKWDes3SetKey (xmlSecTransformPtr transform,
xmlSecKeyPtr key);
static int xmlSecOpenSSLKWDes3Execute (xmlSecTransformPtr transform,
@@ -140,17 +139,17 @@ xmlSecOpenSSLKWDes3Finalize(xmlSecTransformPtr transform) {
}
static int
-xmlSecOpenSSLKWDes3SetKeyReq(xmlSecTransformPtr transform, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+xmlSecOpenSSLKWDes3SetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformKWDes3Id), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLKWDes3Size), -1);
- xmlSecAssert2(keyInfoCtx != NULL, -1);
+ xmlSecAssert2(keyReq != NULL, -1);
- keyInfoCtx->keyId = xmlSecOpenSSLKeyDataDesId;
- keyInfoCtx->keyType = xmlSecKeyDataTypeSymmetric;
+ keyReq->keyId = xmlSecOpenSSLKeyDataDesId;
+ keyReq->keyType = xmlSecKeyDataTypeSymmetric;
if(transform->encode) {
- keyInfoCtx->keyUsage = xmlSecKeyUsageEncrypt;
+ keyReq->keyUsage = xmlSecKeyUsageEncrypt;
} else {
- keyInfoCtx->keyUsage = xmlSecKeyUsageDecrypt;
+ keyReq->keyUsage = xmlSecKeyUsageDecrypt;
}
return(0);
diff --git a/src/openssl/signatures.c b/src/openssl/signatures.c
index 7f889abc..d9c2daaf 100644
--- a/src/openssl/signatures.c
+++ b/src/openssl/signatures.c
@@ -14,7 +14,6 @@
#include <xmlsec/xmlsec.h>
#include <xmlsec/keys.h>
-#include <xmlsec/keyinfo.h>
#include <xmlsec/transforms.h>
#include <xmlsec/errors.h>
@@ -57,7 +56,7 @@ static int xmlSecOpenSSLEvpSignatureCheckId (xmlSecTransformPtr transform);
static int xmlSecOpenSSLEvpSignatureInitialize (xmlSecTransformPtr transform);
static void xmlSecOpenSSLEvpSignatureFinalize (xmlSecTransformPtr transform);
static int xmlSecOpenSSLEvpSignatureSetKeyReq (xmlSecTransformPtr transform,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
+ xmlSecKeyReqPtr keyReq);
static int xmlSecOpenSSLEvpSignatureSetKey (xmlSecTransformPtr transform,
xmlSecKeyPtr key);
static int xmlSecOpenSSLEvpSignatureVerify (xmlSecTransformPtr transform,
@@ -186,24 +185,24 @@ xmlSecOpenSSLEvpSignatureSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key)
}
static int
-xmlSecOpenSSLEvpSignatureSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+xmlSecOpenSSLEvpSignatureSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
xmlSecOpenSSLEvpSignatureCtxPtr ctx;
xmlSecAssert2(xmlSecOpenSSLEvpSignatureCheckId(transform), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpSignatureSize), -1);
- xmlSecAssert2(keyInfoCtx != NULL, -1);
+ xmlSecAssert2(keyReq != NULL, -1);
ctx = xmlSecOpenSSLEvpSignatureGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->keyId != NULL, -1);
- keyInfoCtx->keyId = ctx->keyId;
+ keyReq->keyId = ctx->keyId;
if(transform->encode) {
- keyInfoCtx->keyType = xmlSecKeyDataTypePrivate;
- keyInfoCtx->keyUsage = xmlSecKeyUsageSign;
+ keyReq->keyType = xmlSecKeyDataTypePrivate;
+ keyReq->keyUsage = xmlSecKeyUsageSign;
} else {
- keyInfoCtx->keyType = xmlSecKeyDataTypePublic;
- keyInfoCtx->keyUsage = xmlSecKeyUsageVerify;
+ keyReq->keyType = xmlSecKeyDataTypePublic;
+ keyReq->keyUsage = xmlSecKeyUsageVerify;
}
return(0);
}
diff --git a/src/openssl/x509.c b/src/openssl/x509.c
index 6cd0a025..ad5b39a6 100644
--- a/src/openssl/x509.c
+++ b/src/openssl/x509.c
@@ -1245,6 +1245,16 @@ xmlSecOpenSSLKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr
}
/* todo: verify that the key matches our expectations */
+ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
+ "xmlSecKeyReqMatchKeyValue",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(keyValue);
+ return(-1);
+ }
+
ret = xmlSecKeySetValue(key, keyValue);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
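Review bot: The context comment `/* todo: verify that the key matches our expectations */` stays above the check that now does part of that work, so it reads as if nothing is verified. It should say what is still missing, e.g. `/* todo: also check key type and usage against keyReq */`: xmlSecKeyReqMatchKeyValue, as added in src/keys.c, compares only the klass id, so `keyReq.keyType` and `keyReq.keyUsage` are not applied to the key extracted from the certificate. A mismatch also returns -1 here while the same mismatch in src/keysdata.c returns 0; if the difference is intended, a comment should say so. The function starts and ends outside the hunk.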
@@ -1252,6 +1262,7 @@ xmlSecOpenSSLKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr
"xmlSecKeySetValue",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyDataDestroy(keyValue);
return(-1);
}
}
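Review bot: The added `xmlSecKeyDataDestroy(keyValue);` assumes that xmlSecKeySetValue leaves ownership of `keyValue` with the caller whenever it returns a negative value; that function's body is not part of this diff. If it can fail after attaching or releasing the value, this call becomes a double free. Once confirmed, the assumption deserves a comment at the call, for example `/* xmlSecKeySetValue does not take ownership on failure */`.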
diff --git a/src/transforms.c b/src/transforms.c
index 26b1c0c5..02a0feae 100644
--- a/src/transforms.c
+++ b/src/transforms.c
@@ -232,16 +232,16 @@ xmlSecTransformSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
* Returns 0 on success or a negative value otherwise.
*/
int
-xmlSecTransformSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+xmlSecTransformSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
- xmlSecAssert2(keyInfoCtx != NULL, -1);
+ xmlSecAssert2(keyReq != NULL, -1);
- keyInfoCtx->keyId = xmlSecKeyDataIdUnknown;
- keyInfoCtx->keyType = xmlSecKeyDataTypeUnknown;
- keyInfoCtx->keyUsage= xmlSecKeyUsageAny;
+ keyReq->keyId = xmlSecKeyDataIdUnknown;
+ keyReq->keyType = xmlSecKeyDataTypeUnknown;
+ keyReq->keyUsage= xmlSecKeyUsageAny;
if(transform->id->setKeyReq != NULL) {
- return((transform->id->setKeyReq)(transform, keyInfoCtx));
+ return((transform->id->setKeyReq)(transform, keyReq));
}
return(0);
}
diff --git a/src/xmldsig.c b/src/xmldsig.c
index 23a7957e..5c452732 100644
--- a/src/xmldsig.c
+++ b/src/xmldsig.c
@@ -891,7 +891,7 @@ xmlSecSignedInfoRead(xmlNodePtr signedInfoNode, int sign,
xmlSecKeyInfoCtxPtr keyInfoCtx;
keyInfoCtx = &(result->ctx->keyInfoCtx);
- ret = xmlSecTransformSetKeyReq(signMethod, keyInfoCtx);
+ ret = xmlSecTransformSetKeyReq(signMethod, &(keyInfoCtx->keyReq));
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
@@ -924,7 +924,7 @@ xmlSecSignedInfoRead(xmlNodePtr signedInfoNode, int sign,
if(sign && (keyInfoNode != NULL)) {
/* update KeyInfo! */
/* todo: do we want to write anything else??? */
- result->ctx->keyInfoCtx.keyType = xmlSecKeyDataTypePublic;
+ result->ctx->keyInfoCtx.keyReq.keyType = xmlSecKeyDataTypePublic;
ret = xmlSecKeyInfoNodeWrite(keyInfoNode,
result->key,
&result->ctx->keyInfoCtx);
diff --git a/src/xmlenc.c b/src/xmlenc.c
index a7bab2a7..dade7776 100644
--- a/src/xmlenc.c
+++ b/src/xmlenc.c
@@ -1138,7 +1138,7 @@ xmlSecEncryptedDataNodeRead(xmlNodePtr encNode, xmlSecEncStatePtr state, xmlSecE
xmlSecKeyInfoCtxPtr keyInfoCtx;
keyInfoCtx = &(result->ctx->keyInfoCtx);
- ret = xmlSecTransformSetKeyReq(encryptionMethod, keyInfoCtx);
+ ret = xmlSecTransformSetKeyReq(encryptionMethod, &(keyInfoCtx->keyReq));
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
@@ -1171,7 +1171,7 @@ xmlSecEncryptedDataNodeRead(xmlNodePtr encNode, xmlSecEncStatePtr state, xmlSecE
if(result->encrypt && (keyInfoNode != NULL)) {
/* update KeyInfo! */
/* todo: do we want to write anything else??? */
- result->ctx->keyInfoCtx.keyType = xmlSecKeyDataTypePublic;
+ result->ctx->keyInfoCtx.keyReq.keyType = xmlSecKeyDataTypePublic;
ret = xmlSecKeyInfoNodeWrite(keyInfoNode,
result->key,
&result->ctx->keyInfoCtx);
diff --git a/tests/keys.xml b/tests/keys.xml
index c5ca296d..41834bcf 100644
--- a/tests/keys.xml
+++ b/tests/keys.xml
@@ -3,7 +3,7 @@
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>test-hmac-sha1</KeyName>
<KeyValue>
-<HMACKeyValue xmlns="http://www.aleksey.com/xmlsec/2002">qoDh3PoWVkhX15/X2JSS19J+JplygGho</HMACKeyValue>
+<HMACKeyValue xmlns="http://www.aleksey.com/xmlsec/2002">bGO5ahdDlHbt6UWM/ulMS5i6oGx0/MeG</HMACKeyValue>
</KeyValue>
</KeyInfo>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
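Review bot: Every key value in tests/keys.xml is replaced in this and the following hunks of the file (HMAC, RSA including PrivateExponent, DSA including X, DES and AES), while the KeyName entries stay the same. The commit description, "separated key requirements klass", does not explain why. If existing signed or encrypted test vectors refer to these names, they would need to be regenerated against the new material, so it is worth confirming that the test suite was re-run. If the file is simply re-emitted by the test tooling, a comment at the top of the fixture such as `<!-- generated test-only keys; never use outside the test suite -->` would make both the origin and the intended scope of the private values explicit.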
@@ -11,17 +11,17 @@
<KeyValue>
<RSAKeyValue>
<Modulus>
-yW0o2ww8KAgcHe2VFW+2Yxnqf4HOll27J8xGQMlcxM76/RzIxsW0Ui5gyJdz6O9h
-j0smrUptf3l+MMQu0TbTYC8SHa3tiN5vt4x4RWYa/R8Kwh3X+mNmHJu09t26/uFn
-n1BA6zEw/FH6q7AM1DKTkGIDmmDhcqtWlr4Dw6V2ssN=
+v9IZkYmm5IITbgu5ElgQR1W1wuwfFtvlV+Jj2d7BihEzkAx1F46vX/b1DwXrShLg
+0gEZ2OXWNSy0UMCYMjzTF0MypV4QjTpPBVb372GSP99r2+UFFyU9AmYPOwQAP1p0
+ixQT53/ptib1y0EvXVGUSPSuS0Eh1o3ePWz92bvDFMf=
</Modulus>
<Exponent>
Aw==
</Exponent>
<PrivateExponent xmlns="http://www.aleksey.com/xmlsec/2002">
-hkjF5119cAVoE/O4uPUkQhFG/6vfDuknb92EKzDogzSnU2iF2dki4XRAhbpNRfTr
-tNzEc4bzqlD+yy10i3niPu/tG2at/Jm8YtjtPVqMX332EfHp2cSlqHIiKDyhYuM5
-P8BF+BXUyYib7eqUo89TTx5IINfgTXP1iR6tmr9uYqt=
+f+FmYQZvQwFiSV0mDDq1hOPOgfK/ZJKY5UGX5pSBBrYiYAhOD7R06qSjX1lHhrdA
+jAC75e6Ozh3NiysQIX3iDlpTH9eLKa93ETQGAtlV8mhSod3lQ9nMC7Be3b/iMN4k
+7fKL1++FoAFjD4wdJVVl2Ozusg6ii8XlcB5zsIuH44u=
</PrivateExponent>
</RSAKeyValue>
</KeyValue>
@@ -31,25 +31,25 @@ P8BF+BXUyYib7eqUo89TTx5IINfgTXP1iR6tmr9uYqt=
<KeyValue>
<DSAKeyValue>
<P>
-u8gGwbAjT8nDPsLnZEemVFSJ1LtbLsSzwPohN6bw9MbX/PvPpF+x4iFgZGMIGLvj
-oz1K5MtB637PdnCTIJaQoiGInQo3wIaBxz0fxDenDlz/FpxIfGr91rqZIT46ne/O
-1yCngeIuBKJ458iC3wUxs7Gb7dHDapxnyHNH6kNQ6JN=
+k32LGUdFuUiEp9RFXRqiO7WLfJT+zc7J76UPVLwFOUU0vAjyDXvGWdgvZRw89P7g
+P1cLoBbEGV0TfdUIqzn68vkGkFdKxMsKTY8zI2uZWntTg0jgTf0UO1xPU/QHOX5h
+axakYo37Wump2McVMeDlp2WulcmmkgLGvJ/6/V4oIwk=
</P>
<Q>
-/osoZ3kbFgjazvhYncYsdkejeLO=
+wj3vdAQcueg2vXND42tLWtcY3o8=
</Q>
<G>
-eMcm/R8vFEhW+yhkxf8NRgMDEuMFuQIr20mbtipA6ShiABQ31bQjoovpmb16uXe6
-1qHXu+YYHxEr53lr9d79KHJQB4v11nYkQB6k3D8zLzvPl6cGmuTJFYd4dmpmHo1D
-2FYE3/JTaPgjgtv3WNfTQj4Qtoepgsxc7roqooSFCua=
+KOH3Q5Oc4kifSmCASvSP6TCWoatS0uBnNqi6O8DhP23EE6AMjjcmNqlpTNDod3jY
+u/C3lbmUbs67vt5bme0FVfJJJJq9jgm8l2U+7osYjGokze5en2Oy6aL8v/ReoqhL
+EOsmzzL/3/Zs9BSMKyJJgZlL3mVC+2chjowUC1BZnf1=
</G>
<X xmlns="http://www.aleksey.com/xmlsec/2002">
-SU4Se86gNdnlK/8xslBSyu2la6e=
+gxB0wysmbekVH+XnTaqN0395aTp=
</X>
<Y>
-ueykKJBtN9ED7e69WiU+h9DHsAdVrC+D4T7u7219m0JyYlQBCaJNsyU4b2/TUsHR
-qoUR5PEaS1i23JHXnIPcprDDoNz28ZWhI4MX9gMTZSKg+O0LaFQutz7r0JR+YwqQ
-Za/nLpKw2u1oR+kFv3ZGW2s7077k7HexhKfd+5w06y0=
+FyAK2sxaxrVwmfWq84y7shjDPnAUqKxbnWv8B37S2sw72v56T+MU+/IJbmbF0N4F
+FckxjfHJndbAr3ZUcImVX424nRq/3JHMe0j5Tolt14l+ZjBlSydvwaQVGOouHTdj
+qUokiTBHYPCBwO+YYwt7xJn7jmBjuMDusQJ39R8od4s=
</Y>
</DSAKeyValue>
</KeyValue>
@@ -57,25 +57,25 @@ Za/nLpKw2u1oR+kFv3ZGW2s7077k7HexhKfd+5w06y0=
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>test-des</KeyName>
<KeyValue>
-<DESKeyValue xmlns="http://www.aleksey.com/xmlsec/2002">uOQKKyrRqJLGKs0doNvstdbmrRFsKVwU</DESKeyValue>
+<DESKeyValue xmlns="http://www.aleksey.com/xmlsec/2002">ukvMEndkhZGwm+Wkeh8ch88TAhpUC+C/</DESKeyValue>
</KeyValue>
</KeyInfo>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>test-aes128</KeyName>
<KeyValue>
-<AESKeyValue xmlns="http://www.aleksey.com/xmlsec/2002">G1xBxq8xPBoDX7Lv3J9bXJ==</AESKeyValue>
+<AESKeyValue xmlns="http://www.aleksey.com/xmlsec/2002">hhrgBO95fP0kCsVVyeu3z+==</AESKeyValue>
</KeyValue>
</KeyInfo>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>test-aes192</KeyName>
<KeyValue>
-<AESKeyValue xmlns="http://www.aleksey.com/xmlsec/2002">fD1de7ojlIfRoWW5yM9DlwoauZzhvJOa</AESKeyValue>
+<AESKeyValue xmlns="http://www.aleksey.com/xmlsec/2002">UZz5z+NNJ/J5VKm2gfKvXoMfBToUl6RU</AESKeyValue>
</KeyValue>
</KeyInfo>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>test-aes256</KeyName>
<KeyValue>
-<AESKeyValue xmlns="http://www.aleksey.com/xmlsec/2002">TMK9zPB2pkA4bzjv8pqTLLRGYt1r4rwGJcD+pWUeQwI=</AESKeyValue>
+<AESKeyValue xmlns="http://www.aleksey.com/xmlsec/2002">MSWIgAsHM0ZYSY+RotGFkkDsARyMmM1Pf3633EZuC7d=</AESKeyValue>
</KeyValue>
</KeyInfo>
</Keys>