summaryrefslogtreecommitdiff
path: root/src/xmldsig.c
diff options
context:
space:
mode:
authorsangwan.kwon <sangwan.kwon@samsung.com>2016-07-28 15:17:14 +0900
committersangwan.kwon <sangwan.kwon@samsung.com>2016-07-28 15:17:14 +0900
commit1ca1a139b4c1a00de4d72f64b7411e118111a161 (patch)
tree2c93e5dbce5b42d1efd45520b1c8cd50b6bf6998 /src/xmldsig.c
parentfe8ea3dba5971ab3f47090ba52d7f824c3d23545 (diff)
parentd4d35351fd63a7051a7cbef2002cb0c641925ec3 (diff)
downloadxmlsec1-1ca1a139b4c1a00de4d72f64b7411e118111a161.tar.gz
xmlsec1-1ca1a139b4c1a00de4d72f64b7411e118111a161.tar.bz2
xmlsec1-1ca1a139b4c1a00de4d72f64b7411e118111a161.zip
Merge branch 'upstream' into tizen
Change-Id: Iacc73c9ed5e9cfd188df62c405426bfa89bf4e51
Diffstat (limited to 'src/xmldsig.c')
-rw-r--r--src/xmldsig.c235
1 files changed, 156 insertions, 79 deletions
diff --git a/src/xmldsig.c b/src/xmldsig.c
index d48a2ca7..ff340f77 100644
--- a/src/xmldsig.c
+++ b/src/xmldsig.c
@@ -8,7 +8,7 @@
* This is free software; see Copyright file in the source
* distribution for preciese wording.
*
- * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
+ * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved.
*/
#include "globals.h"
@@ -36,23 +36,27 @@
* xmlSecDSigCtx
*
*************************************************************************/
-static int xmlSecDSigCtxProcessSignatureNode (xmlSecDSigCtxPtr dsigCtx,
- xmlNodePtr node);
-static int xmlSecDSigCtxProcessSignedInfoNode (xmlSecDSigCtxPtr dsigCtx,
- xmlNodePtr node);
-static int xmlSecDSigCtxProcessKeyInfoNode (xmlSecDSigCtxPtr dsigCtx,
- xmlNodePtr node);
-static int xmlSecDSigCtxProcessObjectNode (xmlSecDSigCtxPtr dsigCtx,
- xmlNodePtr node);
-static int xmlSecDSigCtxProcessManifestNode (xmlSecDSigCtxPtr dsigCtx,
- xmlNodePtr node);
-static int xmlSecDSigCtxProcessSignatureNodeEx (xmlSecDSigCtxPtr dsigCtx,
- xmlNodePtr node, int noHash, void* pList);
-static int xmlSecDSigCtxProcessSignedInfoNodeEx (xmlSecDSigCtxPtr dsigCtx,
- xmlNodePtr node, int noHash, void* pList);
-static int xmlSecDSigReferenceCtxProcessNodeEx (xmlSecDSigReferenceCtxPtr dsigRefCtx,
- xmlNodePtr node, int noHash, void* pList);
-
+static int xmlSecDSigCtxProcessSignatureNode (xmlSecDSigCtxPtr dsigCtx,
+ xmlNodePtr node);
+static int xmlSecDSigCtxProcessSignedInfoNode (xmlSecDSigCtxPtr dsigCtx,
+ xmlNodePtr node,
+ xmlNodePtr * firstReferenceNode);
+static int xmlSecDSigCtxProcessKeyInfoNode (xmlSecDSigCtxPtr dsigCtx,
+ xmlNodePtr node);
+static int xmlSecDSigCtxProcessObjectNode (xmlSecDSigCtxPtr dsigCtx,
+ xmlNodePtr node);
+static int xmlSecDSigCtxProcessManifestNode (xmlSecDSigCtxPtr dsigCtx,
+ xmlNodePtr node);
+static int xmlSecDSigCtxProcessReferences (xmlSecDSigCtxPtr dsigCtx,
+ xmlNodePtr firstReferenceNode);
+
+/* Tizen : Support for various validation mode */
+static int xmlSecDSigCtxProcessSignatureNodeEx (xmlSecDSigCtxPtr dsigCtx,
+ xmlNodePtr node, int noHash, void* pList);
+static int xmlSecDSigCtxProcessSignedInfoNodeEx (xmlSecDSigCtxPtr dsigCtx,
+ xmlNodePtr node, int noHash, void* pList);
+static int xmlSecDSigReferenceCtxProcessNodeEx (xmlSecDSigReferenceCtxPtr dsigRefCtx,
+ xmlNodePtr node, int noHash, void* pList);
/* The ID attribute in XMLDSig is 'Id' */
static const xmlChar* xmlSecDSigIds[] = { xmlSecAttrId, NULL };
@@ -85,7 +89,7 @@ xmlSecDSigCtxCreate(xmlSecKeysMngrPtr keysMngr) {
NULL,
XMLSEC_ERRORS_R_MALLOC_FAILED,
"sizeof(xmlSecDSigCtx)=%d",
- sizeof(xmlSecDSigCtx));
+ (int)sizeof(xmlSecDSigCtx));
return(NULL);
}
@@ -172,10 +176,26 @@ xmlSecDSigCtxInitialize(xmlSecDSigCtxPtr dsigCtx, xmlSecKeysMngrPtr keysMngr) {
}
/* references lists from SignedInfo and Manifest elements */
- xmlSecPtrListInitialize(&(dsigCtx->signedInfoReferences),
- xmlSecDSigReferenceCtxListId);
- xmlSecPtrListInitialize(&(dsigCtx->manifestReferences),
- xmlSecDSigReferenceCtxListId);
+ ret = xmlSecPtrListInitialize(&(dsigCtx->signedInfoReferences),
+ xmlSecDSigReferenceCtxListId);
+ if(ret != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(ret);
+ }
+ ret = xmlSecPtrListInitialize(&(dsigCtx->manifestReferences),
+ xmlSecDSigReferenceCtxListId);
+ if(ret != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecPtrListInitialize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(ret);
+ }
dsigCtx->enabledReferenceUris = xmlSecTransformUriTypeAny;
return(0);
@@ -466,6 +486,7 @@ xmlSecDSigCtxProcessSignatureNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) {
xmlSecTransformDataType firstType;
xmlNodePtr signedInfoNode = NULL;
xmlNodePtr keyInfoNode = NULL;
+ xmlNodePtr firstReferenceNode = NULL;
xmlNodePtr cur;
int ret;
@@ -554,7 +575,7 @@ xmlSecDSigCtxProcessSignatureNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) {
}
/* now validated all the references and prepare transform */
- ret = xmlSecDSigCtxProcessSignedInfoNode(dsigCtx, signedInfoNode);
+ ret = xmlSecDSigCtxProcessSignedInfoNode(dsigCtx, signedInfoNode, &firstReferenceNode);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
@@ -563,15 +584,12 @@ xmlSecDSigCtxProcessSignatureNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) {
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
- /* references processing might change the status */
- if(dsigCtx->status != xmlSecDSigStatusUnknown) {
- return(0);
- }
/* as the result, we should have sign and c14n methods set */
xmlSecAssert2(dsigCtx->signMethod != NULL, -1);
xmlSecAssert2(dsigCtx->c14nMethod != NULL, -1);
+ /* now read key info node */
ret = xmlSecDSigCtxProcessKeyInfoNode(dsigCtx, keyInfoNode);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
@@ -584,6 +602,21 @@ xmlSecDSigCtxProcessSignatureNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) {
/* as the result, we should have a key */
xmlSecAssert2(dsigCtx->signKey != NULL, -1);
+ /* now actually process references and calculate digests */
+ ret = xmlSecDSigCtxProcessReferences(dsigCtx, firstReferenceNode);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecDSigCtxProcessReferences",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ /* references processing might change the status */
+ if(dsigCtx->status != xmlSecDSigStatusUnknown) {
+ return(0);
+ }
+
/* if we need to write result to xml node then we need base64 encode result */
if(dsigCtx->operation == xmlSecTransformOperationSign) {
xmlSecTransformPtr base64Encode;
@@ -679,18 +712,18 @@ xmlSecDSigCtxProcessSignatureNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) {
*
*/
static int
-xmlSecDSigCtxProcessSignedInfoNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) {
- xmlSecDSigReferenceCtxPtr dsigRefCtx;
+xmlSecDSigCtxProcessSignedInfoNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node, xmlNodePtr * firstReferenceNode) {
+ xmlSecSize refNodesCount = 0;
xmlNodePtr cur;
- int ret;
xmlSecAssert2(dsigCtx != NULL, -1);
xmlSecAssert2(dsigCtx->status == xmlSecDSigStatusUnknown, -1);
xmlSecAssert2(dsigCtx->signMethod == NULL, -1);
xmlSecAssert2(dsigCtx->c14nMethod == NULL, -1);
xmlSecAssert2((dsigCtx->operation == xmlSecTransformOperationSign) || (dsigCtx->operation == xmlSecTransformOperationVerify), -1);
- xmlSecAssert2(xmlSecPtrListGetSize(&(dsigCtx->signedInfoReferences)) == 0, -1);
xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(firstReferenceNode != NULL, -1);
+ xmlSecAssert2((*firstReferenceNode) == NULL, -1);
/* first node is required CanonicalizationMethod. */
cur = xmlSecGetNextElementNode(node->children);
@@ -784,9 +817,71 @@ xmlSecDSigCtxProcessSignedInfoNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) {
}
dsigCtx->signMethod->operation = dsigCtx->operation;
- /* calculate references */
- cur = xmlSecGetNextElementNode(cur->next);
+ /* read references */
+ if(cur != NULL) {
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
while((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeReference, xmlSecDSigNs))) {
+ /* record first reference node */
+ if((*firstReferenceNode) == NULL) {
+ (*firstReferenceNode) = cur;
+ }
+ ++refNodesCount;
+
+ /* go to next */
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ /* check that we have at least one Reference */
+ if(refNodesCount == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_DSIG_NO_REFERENCES,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* if there is something left than it's an error */
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_UNEXPECTED_NODE,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* done */
+ return(0);
+}
+
+
+static int
+xmlSecDSigCtxProcessReferences(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr firstReferenceNode) {
+ xmlSecDSigReferenceCtxPtr dsigRefCtx;
+ xmlNodePtr cur;
+ int ret;
+
+ xmlSecAssert2(dsigCtx != NULL, -1);
+ xmlSecAssert2(dsigCtx->status == xmlSecDSigStatusUnknown, -1);
+ xmlSecAssert2((dsigCtx->operation == xmlSecTransformOperationSign) || (dsigCtx->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(xmlSecPtrListGetSize(&(dsigCtx->signedInfoReferences)) == 0, -1);
+ xmlSecAssert2(firstReferenceNode != NULL, -1);
+
+ /* process references */
+ for(cur = firstReferenceNode; (cur != NULL); cur = xmlSecGetNextElementNode(cur->next)) {
+ /* already checked but we trust none */
+ if(!xmlSecCheckNodeName(cur, xmlSecNodeReference, xmlSecDSigNs)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "expected=%s",
+ xmlSecErrorsSafeString(xmlSecNodeReference));
+ return(-1);
+ }
+
/* create reference */
dsigRefCtx = xmlSecDSigReferenceCtxCreate(dsigCtx, xmlSecDSigReferenceOriginSignedInfo);
if(dsigRefCtx == NULL) {
@@ -827,31 +922,13 @@ xmlSecDSigCtxProcessSignedInfoNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) {
dsigCtx->status = xmlSecDSigStatusInvalid;
return(0);
}
- cur = xmlSecGetNextElementNode(cur->next);
- }
-
- /* check that we have at least one Reference */
- if(xmlSecPtrListGetSize(&(dsigCtx->signedInfoReferences)) == 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_DSIG_NO_REFERENCES,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
}
- /* if there is something left than it's an error */
- if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_UNEXPECTED_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
+ /* done */
return(0);
}
+
static int
xmlSecDSigCtxProcessKeyInfoNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) {
int ret;
@@ -1130,9 +1207,9 @@ xmlSecDSigCtxDebugDump(xmlSecDSigCtxPtr dsigCtx, FILE* output) {
(xmlSecBufferGetData(dsigCtx->result) != NULL)) {
fprintf(output, "== Result - start buffer:\n");
- fwrite(xmlSecBufferGetData(dsigCtx->result),
- xmlSecBufferGetSize(dsigCtx->result),
- 1, output);
+ (void)fwrite(xmlSecBufferGetData(dsigCtx->result),
+ xmlSecBufferGetSize(dsigCtx->result),
+ 1, output);
fprintf(output, "\n== Result - end buffer\n");
}
if(((dsigCtx->flags & XMLSEC_DSIG_FLAGS_STORE_SIGNATURE) != 0) &&
@@ -1140,9 +1217,9 @@ xmlSecDSigCtxDebugDump(xmlSecDSigCtxPtr dsigCtx, FILE* output) {
(xmlSecBufferGetData(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)) != NULL)) {
fprintf(output, "== PreSigned data - start buffer:\n");
- fwrite(xmlSecBufferGetData(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)),
- xmlSecBufferGetSize(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)),
- 1, output);
+ (void)fwrite(xmlSecBufferGetData(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)),
+ xmlSecBufferGetSize(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)),
+ 1, output);
fprintf(output, "\n== PreSigned data - end buffer\n");
}
}
@@ -1219,9 +1296,9 @@ xmlSecDSigCtxDebugXmlDump(xmlSecDSigCtxPtr dsigCtx, FILE* output) {
(xmlSecBufferGetData(dsigCtx->result) != NULL)) {
fprintf(output, "<Result>");
- fwrite(xmlSecBufferGetData(dsigCtx->result),
- xmlSecBufferGetSize(dsigCtx->result),
- 1, output);
+ (void)fwrite(xmlSecBufferGetData(dsigCtx->result),
+ xmlSecBufferGetSize(dsigCtx->result),
+ 1, output);
fprintf(output, "</Result>\n");
}
if(((dsigCtx->flags & XMLSEC_DSIG_FLAGS_STORE_SIGNATURE) != 0) &&
@@ -1229,9 +1306,9 @@ xmlSecDSigCtxDebugXmlDump(xmlSecDSigCtxPtr dsigCtx, FILE* output) {
(xmlSecBufferGetData(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)) != NULL)) {
fprintf(output, "<PreSignedData>");
- fwrite(xmlSecBufferGetData(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)),
- xmlSecBufferGetSize(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)),
- 1, output);
+ (void)fwrite(xmlSecBufferGetData(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)),
+ xmlSecBufferGetSize(xmlSecDSigCtxGetPreSignBuffer(dsigCtx)),
+ 1, output);
fprintf(output, "</PreSignedData>\n");
}
@@ -1272,7 +1349,7 @@ xmlSecDSigReferenceCtxCreate(xmlSecDSigCtxPtr dsigCtx, xmlSecDSigReferenceOrigin
NULL,
XMLSEC_ERRORS_R_MALLOC_FAILED,
"sizeof(xmlSecDSigReferenceCtx)=%d",
- sizeof(xmlSecDSigReferenceCtx));
+ (int)sizeof(xmlSecDSigReferenceCtx));
return(NULL);
}
@@ -1685,9 +1762,9 @@ xmlSecDSigReferenceCtxDebugDump(xmlSecDSigReferenceCtxPtr dsigRefCtx, FILE* outp
(xmlSecBufferGetData(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)) != NULL)) {
fprintf(output, "== PreDigest data - start buffer:\n");
- fwrite(xmlSecBufferGetData(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)),
- xmlSecBufferGetSize(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)),
- 1, output);
+ (void)fwrite(xmlSecBufferGetData(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)),
+ xmlSecBufferGetSize(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)),
+ 1, output);
fprintf(output, "\n== PreDigest data - end buffer\n");
}
@@ -1695,9 +1772,9 @@ xmlSecDSigReferenceCtxDebugDump(xmlSecDSigReferenceCtxPtr dsigRefCtx, FILE* outp
(xmlSecBufferGetData(dsigRefCtx->result) != NULL)) {
fprintf(output, "== Result - start buffer:\n");
- fwrite(xmlSecBufferGetData(dsigRefCtx->result),
- xmlSecBufferGetSize(dsigRefCtx->result), 1,
- output);
+ (void)fwrite(xmlSecBufferGetData(dsigRefCtx->result),
+ xmlSecBufferGetSize(dsigRefCtx->result), 1,
+ output);
fprintf(output, "\n== Result - end buffer\n");
}
}
@@ -1758,9 +1835,9 @@ xmlSecDSigReferenceCtxDebugXmlDump(xmlSecDSigReferenceCtxPtr dsigRefCtx, FILE* o
(xmlSecBufferGetData(dsigRefCtx->result) != NULL)) {
fprintf(output, "<Result>");
- fwrite(xmlSecBufferGetData(dsigRefCtx->result),
- xmlSecBufferGetSize(dsigRefCtx->result), 1,
- output);
+ (void)fwrite(xmlSecBufferGetData(dsigRefCtx->result),
+ xmlSecBufferGetSize(dsigRefCtx->result), 1,
+ output);
fprintf(output, "</Result>\n");
}
@@ -1768,9 +1845,9 @@ xmlSecDSigReferenceCtxDebugXmlDump(xmlSecDSigReferenceCtxPtr dsigRefCtx, FILE* o
(xmlSecBufferGetData(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)) != NULL)) {
fprintf(output, "<PreDigestData>");
- fwrite(xmlSecBufferGetData(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)),
- xmlSecBufferGetSize(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)),
- 1, output);
+ (void)fwrite(xmlSecBufferGetData(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)),
+ xmlSecBufferGetSize(xmlSecDSigReferenceCtxGetPreDigestBuffer(dsigRefCtx)),
+ 1, output);
fprintf(output, "</PreDigestData>\n");
}
if(dsigRefCtx->dsigCtx->operation == xmlSecTransformOperationSign) {
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-18 14:16:30 +0000