diff options
Diffstat (limited to 'src/gcrypt/signatures.c')
-rw-r--r-- | src/gcrypt/signatures.c | 1490 |
1 files changed, 0 insertions, 1490 deletions
diff --git a/src/gcrypt/signatures.c b/src/gcrypt/signatures.c deleted file mode 100644 index c49638e4..00000000 --- a/src/gcrypt/signatures.c +++ /dev/null @@ -1,1490 +0,0 @@ -/** - * XMLSec library - * - * This is free software; see Copyright file in the source - * distribution for preciese wording. - * - * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com> - */ -#include "globals.h" - -#include <string.h> - -#include <gcrypt.h> - -#include <xmlsec/xmlsec.h> -#include <xmlsec/keys.h> -#include <xmlsec/transforms.h> -#include <xmlsec/errors.h> - -#include <xmlsec/gcrypt/crypto.h> - - -/************************************************************************** - * - * Forward declarations for actual sign/verify implementations - * - *****************************************************************************/ -typedef int (*xmlSecGCryptPkSignMethod) (int digest, - xmlSecKeyDataPtr key_data, - const xmlSecByte* dgst, - xmlSecSize dgstSize, - xmlSecBufferPtr out); -typedef int (*xmlSecGCryptPkVerifyMethod) (int digest, - xmlSecKeyDataPtr key_data, - const xmlSecByte* dgst, - xmlSecSize dgstSize, - const xmlSecByte* data, - xmlSecSize dataSize); - -#ifndef XMLSEC_NO_DSA -static int xmlSecGCryptDsaPkSign (int digest, - xmlSecKeyDataPtr key_data, - const xmlSecByte* dgst, - xmlSecSize dgstSize, - xmlSecBufferPtr out); -static int xmlSecGCryptDsaPkVerify (int digest, - xmlSecKeyDataPtr key_data, - const xmlSecByte* dgst, - xmlSecSize dgstSize, - const xmlSecByte* data, - xmlSecSize dataSize); -#endif /* XMLSEC_NO_DSA */ - -#ifndef XMLSEC_NO_RSA -static int xmlSecGCryptRsaPkcs1PkSign (int digest, - xmlSecKeyDataPtr key_data, - const xmlSecByte* dgst, - xmlSecSize dgstSize, - xmlSecBufferPtr out); -static int xmlSecGCryptRsaPkcs1PkVerify (int digest, - xmlSecKeyDataPtr key_data, - const xmlSecByte* dgst, - xmlSecSize dgstSize, - const xmlSecByte* data, - xmlSecSize dataSize); -#endif /* XMLSEC_NO_RSA */ - - -/************************************************************************** - * - * Internal GCrypt signatures ctx - * - *****************************************************************************/ -typedef struct _xmlSecGCryptPkSignatureCtx xmlSecGCryptPkSignatureCtx, - *xmlSecGCryptPkSignatureCtxPtr; - - -struct _xmlSecGCryptPkSignatureCtx { - int digest; - xmlSecKeyDataId keyId; - xmlSecGCryptPkSignMethod sign; - xmlSecGCryptPkVerifyMethod verify; - - gcry_md_hd_t digestCtx; - xmlSecKeyDataPtr key_data; - - xmlSecByte dgst[XMLSEC_GCRYPT_MAX_DIGEST_SIZE]; - xmlSecSize dgstSize; /* dgst size in bytes */ -}; - - -/****************************************************************************** - * - * Pk Signature transforms - * - * xmlSecGCryptPkSignatureCtx is located after xmlSecTransform - * - *****************************************************************************/ -#define xmlSecGCryptPkSignatureSize \ - (sizeof(xmlSecTransform) + sizeof(xmlSecGCryptPkSignatureCtx)) -#define xmlSecGCryptPkSignatureGetCtx(transform) \ - ((xmlSecGCryptPkSignatureCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform))) - -static int xmlSecGCryptPkSignatureCheckId (xmlSecTransformPtr transform); -static int xmlSecGCryptPkSignatureInitialize (xmlSecTransformPtr transform); -static void xmlSecGCryptPkSignatureFinalize (xmlSecTransformPtr transform); -static int xmlSecGCryptPkSignatureSetKeyReq (xmlSecTransformPtr transform, - xmlSecKeyReqPtr keyReq); -static int xmlSecGCryptPkSignatureSetKey (xmlSecTransformPtr transform, - xmlSecKeyPtr key); -static int xmlSecGCryptPkSignatureVerify (xmlSecTransformPtr transform, - const xmlSecByte* data, - xmlSecSize dataSize, - xmlSecTransformCtxPtr transformCtx); -static int xmlSecGCryptPkSignatureExecute (xmlSecTransformPtr transform, - int last, - xmlSecTransformCtxPtr transformCtx); - -static int -xmlSecGCryptPkSignatureCheckId(xmlSecTransformPtr transform) { -#ifndef XMLSEC_NO_DSA - -#ifndef XMLSEC_NO_SHA1 - if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformDsaSha1Id)) { - return(1); - } else -#endif /* XMLSEC_NO_SHA1 */ - -#endif /* XMLSEC_NO_DSA */ - -#ifndef XMLSEC_NO_RSA - -#ifndef XMLSEC_NO_MD5 - if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformRsaMd5Id)) { - return(1); - } else -#endif /* XMLSEC_NO_MD5 */ - -#ifndef XMLSEC_NO_RIPEMD160 - if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformRsaRipemd160Id)) { - return(1); - } else -#endif /* XMLSEC_NO_RIPEMD160 */ - -#ifndef XMLSEC_NO_SHA1 - if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformRsaSha1Id)) { - return(1); - } else -#endif /* XMLSEC_NO_SHA1 */ - -#ifndef XMLSEC_NO_SHA256 - if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformRsaSha256Id)) { - return(1); - } else -#endif /* XMLSEC_NO_SHA256 */ - -#ifndef XMLSEC_NO_SHA384 - if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformRsaSha384Id)) { - return(1); - } else -#endif /* XMLSEC_NO_SHA384 */ - -#ifndef XMLSEC_NO_SHA512 - if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformRsaSha512Id)) { - return(1); - } else -#endif /* XMLSEC_NO_SHA512 */ - -#endif /* XMLSEC_NO_RSA */ - - { - return(0); - } - - return(0); -} - -static int -xmlSecGCryptPkSignatureInitialize(xmlSecTransformPtr transform) { - xmlSecGCryptPkSignatureCtxPtr ctx; - gcry_error_t err; - - xmlSecAssert2(xmlSecGCryptPkSignatureCheckId(transform), -1); - xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptPkSignatureSize), -1); - - ctx = xmlSecGCryptPkSignatureGetCtx(transform); - xmlSecAssert2(ctx != NULL, -1); - - memset(ctx, 0, sizeof(xmlSecGCryptPkSignatureCtx)); - -#ifndef XMLSEC_NO_DSA - -#ifndef XMLSEC_NO_SHA1 - if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformDsaSha1Id)) { - ctx->digest = GCRY_MD_SHA1; - ctx->keyId = xmlSecGCryptKeyDataDsaId; - ctx->sign = xmlSecGCryptDsaPkSign; - ctx->verify = xmlSecGCryptDsaPkVerify; - } else -#endif /* XMLSEC_NO_SHA1 */ - -#endif /* XMLSEC_NO_DSA */ - -#ifndef XMLSEC_NO_RSA - -#ifndef XMLSEC_NO_MD5 - if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformRsaMd5Id)) { - ctx->digest = GCRY_MD_MD5; - ctx->keyId = xmlSecGCryptKeyDataRsaId; - ctx->sign = xmlSecGCryptRsaPkcs1PkSign; - ctx->verify = xmlSecGCryptRsaPkcs1PkVerify; - } else -#endif /* XMLSEC_NO_MD5 */ - -#ifndef XMLSEC_NO_RIPEMD160 - if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformRsaRipemd160Id)) { - ctx->digest = GCRY_MD_RMD160; - ctx->keyId = xmlSecGCryptKeyDataRsaId; - ctx->sign = xmlSecGCryptRsaPkcs1PkSign; - ctx->verify = xmlSecGCryptRsaPkcs1PkVerify; - } else -#endif /* XMLSEC_NO_RIPEMD160 */ - -#ifndef XMLSEC_NO_SHA1 - if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformRsaSha1Id)) { - ctx->digest = GCRY_MD_SHA1; - ctx->keyId = xmlSecGCryptKeyDataRsaId; - ctx->sign = xmlSecGCryptRsaPkcs1PkSign; - ctx->verify = xmlSecGCryptRsaPkcs1PkVerify; - } else -#endif /* XMLSEC_NO_SHA1 */ - -#ifndef XMLSEC_NO_SHA256 - if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformRsaSha256Id)) { - ctx->digest = GCRY_MD_SHA256; - ctx->keyId = xmlSecGCryptKeyDataRsaId; - ctx->sign = xmlSecGCryptRsaPkcs1PkSign; - ctx->verify = xmlSecGCryptRsaPkcs1PkVerify; - } else -#endif /* XMLSEC_NO_SHA256 */ - -#ifndef XMLSEC_NO_SHA384 - if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformRsaSha384Id)) { - ctx->digest = GCRY_MD_SHA384; - ctx->keyId = xmlSecGCryptKeyDataRsaId; - ctx->sign = xmlSecGCryptRsaPkcs1PkSign; - ctx->verify = xmlSecGCryptRsaPkcs1PkVerify; - } else -#endif /* XMLSEC_NO_SHA384 */ - -#ifndef XMLSEC_NO_SHA512 - if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformRsaSha512Id)) { - ctx->digest = GCRY_MD_SHA512; - ctx->keyId = xmlSecGCryptKeyDataRsaId; - ctx->sign = xmlSecGCryptRsaPkcs1PkSign; - ctx->verify = xmlSecGCryptRsaPkcs1PkVerify; - } else -#endif /* XMLSEC_NO_SHA512 */ - -#endif /* XMLSEC_NO_RSA */ - - if(1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - /* create digest ctx */ - err = gcry_md_open(&ctx->digestCtx, ctx->digest, GCRY_MD_FLAG_SECURE); /* we are paranoid */ - if(err != GPG_ERR_NO_ERROR) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "gcry_md_open", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); - return(-1); - } - - /* done */ - return(0); -} - -static void -xmlSecGCryptPkSignatureFinalize(xmlSecTransformPtr transform) { - xmlSecGCryptPkSignatureCtxPtr ctx; - - xmlSecAssert(xmlSecGCryptPkSignatureCheckId(transform)); - xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecGCryptPkSignatureSize)); - - ctx = xmlSecGCryptPkSignatureGetCtx(transform); - xmlSecAssert(ctx != NULL); - - if(ctx->key_data != NULL) { - xmlSecKeyDataDestroy(ctx->key_data); - } - if(ctx->digestCtx != NULL) { - gcry_md_close(ctx->digestCtx); - } - - memset(ctx, 0, sizeof(xmlSecGCryptPkSignatureCtx)); -} - -static int -xmlSecGCryptPkSignatureSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { - xmlSecGCryptPkSignatureCtxPtr ctx; - xmlSecKeyDataPtr key_data; - - xmlSecAssert2(xmlSecGCryptPkSignatureCheckId(transform), -1); - xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1); - xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptPkSignatureSize), -1); - xmlSecAssert2(key != NULL, -1); - - ctx = xmlSecGCryptPkSignatureGetCtx(transform); - xmlSecAssert2(ctx != NULL, -1); - xmlSecAssert2(ctx->keyId != NULL, -1); - xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1); - - key_data = xmlSecKeyGetValue(key); - xmlSecAssert2(key_data != NULL, -1); - - if(ctx->key_data != NULL) { - xmlSecKeyDataDestroy(ctx->key_data); - } - - ctx->key_data = xmlSecKeyDataDuplicate(key_data); - if(ctx->key_data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecKeyDataDuplicate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - return(0); -} - -static int -xmlSecGCryptPkSignatureSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) { - xmlSecGCryptPkSignatureCtxPtr ctx; - - xmlSecAssert2(xmlSecGCryptPkSignatureCheckId(transform), -1); - xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1); - xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptPkSignatureSize), -1); - xmlSecAssert2(keyReq != NULL, -1); - - ctx = xmlSecGCryptPkSignatureGetCtx(transform); - xmlSecAssert2(ctx != NULL, -1); - xmlSecAssert2(ctx->keyId != NULL, -1); - - keyReq->keyId = ctx->keyId; - if(transform->operation == xmlSecTransformOperationSign) { - keyReq->keyType = xmlSecKeyDataTypePrivate; - keyReq->keyUsage = xmlSecKeyUsageSign; - } else { - keyReq->keyType = xmlSecKeyDataTypePublic; - keyReq->keyUsage = xmlSecKeyUsageVerify; - } - return(0); -} - - -static int -xmlSecGCryptPkSignatureVerify(xmlSecTransformPtr transform, - const xmlSecByte* data, xmlSecSize dataSize, - xmlSecTransformCtxPtr transformCtx) { - xmlSecGCryptPkSignatureCtxPtr ctx; - int ret; - - xmlSecAssert2(xmlSecGCryptPkSignatureCheckId(transform), -1); - xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1); - xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptPkSignatureSize), -1); - xmlSecAssert2(transform->status == xmlSecTransformStatusFinished, -1); - xmlSecAssert2(data != NULL, -1); - xmlSecAssert2(transformCtx != NULL, -1); - - ctx = xmlSecGCryptPkSignatureGetCtx(transform); - xmlSecAssert2(ctx != NULL, -1); - xmlSecAssert2(ctx->sign != NULL, -1); - xmlSecAssert2(ctx->verify != NULL, -1); - xmlSecAssert2(ctx->dgstSize > 0, -1); - xmlSecAssert2(ctx->key_data != NULL, -1); - - ret = ctx->verify(ctx->digest, ctx->key_data, ctx->dgst, ctx->dgstSize, data, dataSize); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "ctx->verify", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - /* check result */ - if(ret == 1) { - transform->status = xmlSecTransformStatusOk; - } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "ctx->verify", - XMLSEC_ERRORS_R_DATA_NOT_MATCH, - "signature do not match"); - transform->status = xmlSecTransformStatusFail; - } - - /* done */ - return(0); -} - -static int -xmlSecGCryptPkSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { - xmlSecGCryptPkSignatureCtxPtr ctx; - xmlSecBufferPtr in, out; - xmlSecSize inSize; - xmlSecSize outSize; - int ret; - - xmlSecAssert2(xmlSecGCryptPkSignatureCheckId(transform), -1); - xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1); - xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptPkSignatureSize), -1); - xmlSecAssert2(transformCtx != NULL, -1); - - ctx = xmlSecGCryptPkSignatureGetCtx(transform); - xmlSecAssert2(ctx != NULL, -1); - xmlSecAssert2(ctx->sign != NULL, -1); - xmlSecAssert2(ctx->verify != NULL, -1); - - in = &(transform->inBuf); - out = &(transform->outBuf); - inSize = xmlSecBufferGetSize(in); - outSize = xmlSecBufferGetSize(out); - - ctx = xmlSecGCryptPkSignatureGetCtx(transform); - xmlSecAssert2(ctx != NULL, -1); - xmlSecAssert2(ctx->key_data != NULL, -1); - - if(transform->status == xmlSecTransformStatusNone) { - /* do nothing, already initialized */ - transform->status = xmlSecTransformStatusWorking; - } - - if(transform->status == xmlSecTransformStatusWorking) { - xmlSecAssert2(outSize == 0, -1); - - /* update the digest */ - if(inSize > 0) { - gcry_md_write(ctx->digestCtx, xmlSecBufferGetData(in), inSize); - - ret = xmlSecBufferRemoveHead(in, inSize); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", inSize); - return(-1); - } - } - - /* generate digest and signature */ - if(last != 0) { - xmlSecByte* buf; - - /* get the final digest */ - gcry_md_final(ctx->digestCtx); - buf = gcry_md_read(ctx->digestCtx, ctx->digest); - if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "gcry_md_read", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - /* copy it to our internal buffer */ - ctx->dgstSize = gcry_md_get_algo_dlen(ctx->digest); - xmlSecAssert2(ctx->dgstSize > 0, -1); - xmlSecAssert2(ctx->dgstSize <= sizeof(ctx->dgst), -1); - memcpy(ctx->dgst, buf, ctx->dgstSize); - - xmlSecAssert2(outSize == 0, -1); - if(transform->operation == xmlSecTransformOperationSign) { - ret = ctx->sign(ctx->digest, ctx->key_data, ctx->dgst, ctx->dgstSize, out); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "ctx->sign", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - } - - /* done */ - transform->status = xmlSecTransformStatusFinished; - } - } - - if((transform->status == xmlSecTransformStatusWorking) || (transform->status == xmlSecTransformStatusFinished)) { - /* the only way we can get here is if there is no input */ - xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1); - } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); - return(-1); - } - - return(0); -} - -/***************************************************************************** - * - * Helper - * - ****************************************************************************/ -static int -xmlSecGCryptAppendMpi(gcry_mpi_t a, xmlSecBufferPtr out, xmlSecSize min_size) { - xmlSecSize outSize; - size_t written; - gpg_error_t err; - int ret; - - xmlSecAssert2(a != NULL, -1); - xmlSecAssert2(out != NULL, -1); - - /* current size */ - outSize = xmlSecBufferGetSize(out); - - /* figure out how much space we need */ - written = 0; - err = gcry_mpi_print(GCRYMPI_FMT_USG, NULL, 0, &written, a); - if((err != GPG_ERR_NO_ERROR) || (written == 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_mpi_print", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); - return(-1); - } - - /* add zeros at the beggining (if needed) */ - if((min_size > 0) && (written < min_size)) { - outSize += (min_size - written); - } - - /* allocate space */ - ret = xmlSecBufferSetMaxSize(out, outSize + written + 1); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", (int)(outSize + written + 1)); - return(-1); - } - xmlSecAssert2(xmlSecBufferGetMaxSize(out) > outSize, -1); - - /* add zeros at the beggining (if needed) */ - if((min_size > 0) && (written < min_size)) { - xmlSecSize ii; - xmlSecByte * p = xmlSecBufferGetData(out); - - for(ii = 0; ii < (min_size - written); ++ii) { - p[outSize - ii - 1] = 0; - } - } - - /* write out */ - written = 0; - err = gcry_mpi_print(GCRYMPI_FMT_USG, - xmlSecBufferGetData(out) + outSize, - xmlSecBufferGetMaxSize(out) - outSize, - &written, a); - if((err != GPG_ERR_NO_ERROR) || (written == 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_mpi_print", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); - return(-1); - } - - /* reset size */ - ret = xmlSecBufferSetSize(out, outSize + written); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", - (int)(outSize + written)); - return(-1); - } - - /* done */ - return(0); -} - -#ifndef XMLSEC_NO_DSA - -#ifndef XMLSEC_NO_SHA1 -/**************************************************************************** - * - * DSA-SHA1 signature transform - * - * http://www.w3.org/TR/xmldsig-core/#sec-SignatureAlg: - * - * The output of the DSA algorithm consists of a pair of integers - * usually referred by the pair (r, s). The signature value consists of - * the base64 encoding of the concatenation of two octet-streams that - * respectively result from the octet-encoding of the values r and s in - * that order. Integer to octet-stream conversion must be done according - * to the I2OSP operation defined in the RFC 2437 [PKCS1] specification - * with a l parameter equal to 20. For example, the SignatureValue element - * for a DSA signature (r, s) with values specified in hexadecimal: - * - * r = 8BAC1AB6 6410435C B7181F95 B16AB97C 92B341C0 - * s = 41E2345F 1F56DF24 58F426D1 55B4BA2D B6DCD8C8 - * - * from the example in Appendix 5 of the DSS standard would be - * - * <SignatureValue>i6watmQQQ1y3GB+VsWq5fJKzQcBB4jRfH1bfJFj0JtFVtLotttzYyA==</SignatureValue> - * - ***************************************************************************/ -static int -xmlSecGCryptDsaPkSign(int digest ATTRIBUTE_UNUSED, xmlSecKeyDataPtr key_data, - const xmlSecByte* dgst, xmlSecSize dgstSize, - xmlSecBufferPtr out) { - gcry_mpi_t m_hash = NULL; - gcry_sexp_t s_data = NULL; - gcry_sexp_t s_sig = NULL; - gcry_sexp_t s_r = NULL; - gcry_sexp_t s_s = NULL; - gcry_mpi_t m_r = NULL; - gcry_mpi_t m_s = NULL; - gcry_sexp_t s_tmp; - gpg_error_t err; - int ret; - int res = -1; - - xmlSecAssert2(key_data != NULL, -1); - xmlSecAssert2(xmlSecGCryptKeyDataDsaGetPrivateKey(key_data) != NULL, -1); - xmlSecAssert2(dgst != NULL, -1); - xmlSecAssert2(dgstSize > 0, -1); - xmlSecAssert2(out != NULL, -1); - - /* get the current digest, can't use "hash" :( */ - err = gcry_mpi_scan(&m_hash, GCRYMPI_FMT_USG, dgst, dgstSize, NULL); - if((err != GPG_ERR_NO_ERROR) || (m_hash == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_mpi_scan(hash)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); - goto done; - } - - err = gcry_sexp_build (&s_data, NULL, - "(data (flags raw)(value %m))", - m_hash); - if((err != GPG_ERR_NO_ERROR) || (s_data == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_build(data)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); - goto done; - } - - /* create signature */ - err = gcry_pk_sign(&s_sig, s_data, xmlSecGCryptKeyDataDsaGetPrivateKey(key_data)); - if(err != GPG_ERR_NO_ERROR) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_pk_sign", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); - goto done; - } - - /* find signature value */ - s_tmp = gcry_sexp_find_token(s_sig, "sig-val", 0); - if(s_tmp == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_find_token(sig-val)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto done; - } - gcry_sexp_release(s_sig); - s_sig = s_tmp; - - s_tmp = gcry_sexp_find_token(s_sig, "dsa", 0); - if(s_tmp == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_find_token(rsa)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto done; - } - gcry_sexp_release(s_sig); - s_sig = s_tmp; - - /* r */ - s_r = gcry_sexp_find_token(s_sig, "r", 0); - if(s_r == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_find_token(r)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto done; - } - - m_r = gcry_sexp_nth_mpi(s_r, 1, GCRYMPI_FMT_USG); - if(m_r == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_nth_mpi(r)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto done; - } - - /* s */ - s_s = gcry_sexp_find_token(s_sig, "s", 0); - if(s_s == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_find_token(s)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto done; - } - - m_s = gcry_sexp_nth_mpi(s_s, 1, GCRYMPI_FMT_USG); - if(m_s == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_nth_mpi(s)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto done; - } - - /* write out: r + s */ - ret = xmlSecGCryptAppendMpi(m_r, out, 20); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptAppendMpi", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto done; - } - xmlSecAssert2(xmlSecBufferGetSize(out) == 20, -1); - ret = xmlSecGCryptAppendMpi(m_s, out, 20); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptAppendMpi", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto done; - } - xmlSecAssert2(xmlSecBufferGetSize(out) == (20 + 20), -1); - - /* done */ - res = 0; - -done: - if(m_hash != NULL) { - gcry_mpi_release(m_hash); - } - if(m_r != NULL) { - gcry_mpi_release(m_r); - } - if(m_s != NULL) { - gcry_mpi_release(m_s); - } - - if(s_data != NULL) { - gcry_sexp_release(s_data); - } - if(s_sig != NULL) { - gcry_sexp_release(s_sig); - } - if(s_r != NULL) { - gcry_sexp_release(s_r); - } - if(s_s != NULL) { - gcry_sexp_release(s_s); - } - - return(res); -} - -static int -xmlSecGCryptDsaPkVerify(int digest ATTRIBUTE_UNUSED, xmlSecKeyDataPtr key_data, - const xmlSecByte* dgst, xmlSecSize dgstSize, - const xmlSecByte* data, xmlSecSize dataSize) { - gcry_mpi_t m_hash = NULL; - gcry_sexp_t s_data = NULL; - gcry_mpi_t m_sig_r = NULL; - gcry_mpi_t m_sig_s = NULL; - gcry_sexp_t s_sig = NULL; - gpg_error_t err; - int res = -1; - - xmlSecAssert2(key_data != NULL, -1); - xmlSecAssert2(xmlSecGCryptKeyDataDsaGetPublicKey(key_data) != NULL, -1); - xmlSecAssert2(dgst != NULL, -1); - xmlSecAssert2(dgstSize > 0, -1); - xmlSecAssert2(data != NULL, -1); - xmlSecAssert2(dataSize == (20 + 20), -1); - - /* get the current digest, can't use "hash" :( */ - err = gcry_mpi_scan(&m_hash, GCRYMPI_FMT_USG, dgst, dgstSize, NULL); - if((err != GPG_ERR_NO_ERROR) || (m_hash == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_mpi_scan(hash)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); - goto done; - } - - err = gcry_sexp_build (&s_data, NULL, - "(data (flags raw)(value %m))", - m_hash); - if((err != GPG_ERR_NO_ERROR) || (s_data == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_build(data)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); - goto done; - } - - /* get the existing signature */ - err = gcry_mpi_scan(&m_sig_r, GCRYMPI_FMT_USG, data, 20, NULL); - if((err != GPG_ERR_NO_ERROR) || (m_sig_r == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_mpi_scan(r)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); - goto done; - } - err = gcry_mpi_scan(&m_sig_s, GCRYMPI_FMT_USG, data + 20, 20, NULL); - if((err != GPG_ERR_NO_ERROR) || (m_sig_s == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_mpi_scan(s)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); - goto done; - } - - err = gcry_sexp_build (&s_sig, NULL, - "(sig-val(dsa(r %m)(s %m)))", - m_sig_r, m_sig_s); - if((err != GPG_ERR_NO_ERROR) || (s_sig == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_build(sig-val)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); - goto done; - } - - /* verify signature */ - err = gcry_pk_verify(s_sig, s_data, xmlSecGCryptKeyDataDsaGetPublicKey(key_data)); - if(err == GPG_ERR_NO_ERROR) { - res = 1; /* good signature */ - } else if(err == GPG_ERR_BAD_SIGNATURE) { - res = 0; /* bad signature */ - } else { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_pk_verify", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); - goto done; - } - - /* done */ -done: - if(m_hash != NULL) { - gcry_mpi_release(m_hash); - } - if(m_sig_r != NULL) { - gcry_mpi_release(m_sig_r); - } - if(m_sig_s != NULL) { - gcry_mpi_release(m_sig_s); - } - - if(s_data != NULL) { - gcry_sexp_release(s_data); - } - if(s_sig != NULL) { - gcry_sexp_release(s_sig); - } - - return(res); -} - - -static xmlSecTransformKlass xmlSecGCryptDsaSha1Klass = { - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecGCryptPkSignatureSize, /* xmlSecSize objSize */ - - xmlSecNameDsaSha1, /* const xmlChar* name; */ - xmlSecHrefDsaSha1, /* const xmlChar* href; */ - xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ - - xmlSecGCryptPkSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecGCryptPkSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ - NULL, /* xmlSecTransformNodeReadMethod readNode; */ - NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecGCryptPkSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ - xmlSecGCryptPkSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - xmlSecGCryptPkSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ - xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ - xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ - xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ - NULL, /* xmlSecTransformPushXmlMethod pushXml; */ - NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecGCryptPkSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ - - NULL, /* void* reserved0; */ - NULL, /* void* reserved1; */ -}; - -/** - * xmlSecGCryptTransformDsaSha1GetKlass: - * - * The DSA-SHA1 signature transform klass. - * - * Returns: DSA-SHA1 signature transform klass. - */ -xmlSecTransformId -xmlSecGCryptTransformDsaSha1GetKlass(void) { - return(&xmlSecGCryptDsaSha1Klass); -} - -#endif /* XMLSEC_NO_SHA1 */ - -#endif /* XMLSEC_NO_DSA */ - -#ifndef XMLSEC_NO_RSA - -/**************************************************************************** - * - * RSA-SHA1 signature transform - * - * http://www.w3.org/TR/xmldsig-core/#sec-SignatureAlg: - * - * The SignatureValue content for an RSA signature is the base64 [MIME] - * encoding of the octet string computed as per RFC 2437 [PKCS1, - * section 8.1.1: Signature generation for the RSASSA-PKCS1-v1_5 signature - * scheme]. As specified in the EMSA-PKCS1-V1_5-ENCODE function RFC 2437 - * [PKCS1, section 9.2.1], the value input to the signature function MUST - * contain a pre-pended algorithm object identifier for the hash function, - * but the availability of an ASN.1 parser and recognition of OIDs is not - * required of a signature verifier. The PKCS#1 v1.5 representation appears - * as: - * - * CRYPT (PAD (ASN.1 (OID, DIGEST (data)))) - * - * Note that the padded ASN.1 will be of the following form: - * - * 01 | FF* | 00 | prefix | hash - * - * where "|" is concatenation, "01", "FF", and "00" are fixed octets of - * the corresponding hexadecimal value, "hash" is the SHA1 digest of the - * data, and "prefix" is the ASN.1 BER SHA1 algorithm designator prefix - * required in PKCS1 [RFC 2437], that is, - * - * hex 30 21 30 09 06 05 2B 0E 03 02 1A 05 00 04 14 - * - * This prefix is included to make it easier to use standard cryptographic - * libraries. The FF octet MUST be repeated the maximum number of times such - * that the value of the quantity being CRYPTed is one octet shorter than - * the RSA modulus. - * - ***************************************************************************/ -static int -xmlSecGCryptRsaPkcs1PkSign(int digest, xmlSecKeyDataPtr key_data, - const xmlSecByte* dgst, xmlSecSize dgstSize, - xmlSecBufferPtr out) { - gcry_sexp_t s_data = NULL; - gcry_mpi_t m_sig = NULL; - gcry_sexp_t s_sig = NULL; - gcry_sexp_t s_tmp; - gpg_error_t err; - int ret; - int res = -1; - - xmlSecAssert2(key_data != NULL, -1); - xmlSecAssert2(xmlSecGCryptKeyDataRsaGetPrivateKey(key_data) != NULL, -1); - xmlSecAssert2(dgst != NULL, -1); - xmlSecAssert2(dgstSize > 0, -1); - xmlSecAssert2(out != NULL, -1); - - /* get the current digest */ - err = gcry_sexp_build (&s_data, NULL, - "(data (flags pkcs1)(hash %s %b))", - gcry_md_algo_name(digest), - (int)dgstSize, dgst); - if((err != GPG_ERR_NO_ERROR) || (s_data == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_build(data)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); - goto done; - } - - /* create signature */ - err = gcry_pk_sign(&s_sig, s_data, xmlSecGCryptKeyDataRsaGetPrivateKey(key_data)); - if(err != GPG_ERR_NO_ERROR) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_pk_sign", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); - goto done; - } - - /* find signature value */ - s_tmp = gcry_sexp_find_token(s_sig, "sig-val", 0); - if(s_tmp == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_find_token(sig-val)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto done; - } - gcry_sexp_release(s_sig); - s_sig = s_tmp; - - s_tmp = gcry_sexp_find_token(s_sig, "rsa", 0); - if(s_tmp == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_find_token(rsa)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto done; - } - gcry_sexp_release(s_sig); - s_sig = s_tmp; - - s_tmp = gcry_sexp_find_token(s_sig, "s", 0); - if(s_tmp == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_find_token(s)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto done; - } - gcry_sexp_release(s_sig); - s_sig = s_tmp; - - m_sig = gcry_sexp_nth_mpi(s_sig, 1, GCRYMPI_FMT_USG); - if(m_sig == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_nth_mpi(1)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto done; - } - - /* write out */ - ret = xmlSecGCryptAppendMpi(m_sig, out, 0); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptAppendMpi", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto done; - } - - /* done */ - res = 0; - -done: - if(m_sig != NULL) { - gcry_mpi_release(m_sig); - } - - if(s_data != NULL) { - gcry_sexp_release(s_data); - } - if(s_sig != NULL) { - gcry_sexp_release(s_sig); - } - - return(res); -} - -static int -xmlSecGCryptRsaPkcs1PkVerify(int digest, xmlSecKeyDataPtr key_data, - const xmlSecByte* dgst, xmlSecSize dgstSize, - const xmlSecByte* data, xmlSecSize dataSize) { - gcry_sexp_t s_data = NULL; - gcry_mpi_t m_sig = NULL; - gcry_sexp_t s_sig = NULL; - gpg_error_t err; - int res = -1; - - xmlSecAssert2(key_data != NULL, -1); - xmlSecAssert2(xmlSecGCryptKeyDataRsaGetPublicKey(key_data) != NULL, -1); - xmlSecAssert2(dgst != NULL, -1); - xmlSecAssert2(dgstSize > 0, -1); - xmlSecAssert2(data != NULL, -1); - xmlSecAssert2(dataSize > 0, -1); - - /* get the current digest */ - err = gcry_sexp_build (&s_data, NULL, - "(data (flags pkcs1)(hash %s %b))", - gcry_md_algo_name(digest), - (int)dgstSize, dgst); - if((err != GPG_ERR_NO_ERROR) || (s_data == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_build(data)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); - goto done; - } - - /* get the existing signature */ - err = gcry_mpi_scan(&m_sig, GCRYMPI_FMT_USG, data, dataSize, NULL); - if((err != GPG_ERR_NO_ERROR) || (m_sig == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_mpi_scan", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); - goto done; - } - - err = gcry_sexp_build (&s_sig, NULL, - "(sig-val(rsa(s %m)))", - m_sig); - if((err != GPG_ERR_NO_ERROR) || (s_sig == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_build(sig-val)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); - goto done; - } - - /* verify signature */ - err = gcry_pk_verify(s_sig, s_data, xmlSecGCryptKeyDataRsaGetPublicKey(key_data)); - if(err == GPG_ERR_NO_ERROR) { - res = 1; /* good signature */ - } else if(err == GPG_ERR_BAD_SIGNATURE) { - res = 0; /* bad signature */ - } else { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_pk_verify", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); - goto done; - } - - /* done */ -done: - if(m_sig != NULL) { - gcry_mpi_release(m_sig); - } - - if(s_data != NULL) { - gcry_sexp_release(s_data); - } - if(s_sig != NULL) { - gcry_sexp_release(s_sig); - } - - return(res); -} - - -#ifndef XMLSEC_NO_MD5 -/**************************************************************************** - * - * RSA-MD5 signature transform - * - ***************************************************************************/ -static xmlSecTransformKlass xmlSecGCryptRsaMd5Klass = { - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecGCryptPkSignatureSize, /* xmlSecSize objSize */ - - xmlSecNameRsaMd5, /* const xmlChar* name; */ - xmlSecHrefRsaMd5, /* const xmlChar* href; */ - xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ - - xmlSecGCryptPkSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecGCryptPkSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ - NULL, /* xmlSecTransformNodeReadMethod readNode; */ - NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecGCryptPkSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ - xmlSecGCryptPkSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - xmlSecGCryptPkSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ - xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ - xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ - xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ - NULL, /* xmlSecTransformPushXmlMethod pushXml; */ - NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecGCryptPkSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ - - NULL, /* void* reserved0; */ - NULL, /* void* reserved1; */ -}; - -/** - * xmlSecGCryptTransformRsaMd5GetKlass: - * - * The RSA-MD5 signature transform klass. - * - * Returns: RSA-MD5 signature transform klass. - */ -xmlSecTransformId -xmlSecGCryptTransformRsaMd5GetKlass(void) { - return(&xmlSecGCryptRsaMd5Klass); -} - -#endif /* XMLSEC_NO_MD5 */ - -#ifndef XMLSEC_NO_RIPEMD160 -/**************************************************************************** - * - * RSA-RIPEMD160 signature transform - * - ***************************************************************************/ -static xmlSecTransformKlass xmlSecGCryptRsaRipemd160Klass = { - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecGCryptPkSignatureSize, /* xmlSecSize objSize */ - - xmlSecNameRsaRipemd160, /* const xmlChar* name; */ - xmlSecHrefRsaRipemd160, /* const xmlChar* href; */ - xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ - - xmlSecGCryptPkSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecGCryptPkSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ - NULL, /* xmlSecTransformNodeReadMethod readNode; */ - NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecGCryptPkSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ - xmlSecGCryptPkSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - xmlSecGCryptPkSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ - xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ - xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ - xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ - NULL, /* xmlSecTransformPushXmlMethod pushXml; */ - NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecGCryptPkSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ - - NULL, /* void* reserved0; */ - NULL, /* void* reserved1; */ -}; - -/** - * xmlSecGCryptTransformRsaRipemd160GetKlass: - * - * The RSA-RIPEMD160 signature transform klass. - * - * Returns: RSA-RIPEMD160 signature transform klass. - */ -xmlSecTransformId -xmlSecGCryptTransformRsaRipemd160GetKlass(void) { - return(&xmlSecGCryptRsaRipemd160Klass); -} - -#endif /* XMLSEC_NO_RIPEMD160 */ - -#ifndef XMLSEC_NO_SHA1 -/**************************************************************************** - * - * RSA-SHA1 signature transform - * - ***************************************************************************/ -static xmlSecTransformKlass xmlSecGCryptRsaSha1Klass = { - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecGCryptPkSignatureSize, /* xmlSecSize objSize */ - - xmlSecNameRsaSha1, /* const xmlChar* name; */ - xmlSecHrefRsaSha1, /* const xmlChar* href; */ - xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ - - xmlSecGCryptPkSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecGCryptPkSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ - NULL, /* xmlSecTransformNodeReadMethod readNode; */ - NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecGCryptPkSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ - xmlSecGCryptPkSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - xmlSecGCryptPkSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ - xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ - xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ - xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ - NULL, /* xmlSecTransformPushXmlMethod pushXml; */ - NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecGCryptPkSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ - - NULL, /* void* reserved0; */ - NULL, /* void* reserved1; */ -}; - -/** - * xmlSecGCryptTransformRsaSha1GetKlass: - * - * The RSA-SHA1 signature transform klass. - * - * Returns: RSA-SHA1 signature transform klass. - */ -xmlSecTransformId -xmlSecGCryptTransformRsaSha1GetKlass(void) { - return(&xmlSecGCryptRsaSha1Klass); -} - -#endif /* XMLSEC_NO_SHA1 */ - - -#ifndef XMLSEC_NO_SHA256 -/**************************************************************************** - * - * RSA-SHA256 signature transform - * - ***************************************************************************/ -static xmlSecTransformKlass xmlSecGCryptRsaSha256Klass = { - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecGCryptPkSignatureSize, /* xmlSecSize objSize */ - - xmlSecNameRsaSha256, /* const xmlChar* name; */ - xmlSecHrefRsaSha256, /* const xmlChar* href; */ - xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ - - xmlSecGCryptPkSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecGCryptPkSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ - NULL, /* xmlSecTransformNodeReadMethod readNode; */ - NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecGCryptPkSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ - xmlSecGCryptPkSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - xmlSecGCryptPkSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ - xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ - xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ - xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ - NULL, /* xmlSecTransformPushXmlMethod pushXml; */ - NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecGCryptPkSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ - - NULL, /* void* reserved0; */ - NULL, /* void* reserved1; */ -}; - -/** - * xmlSecGCryptTransformRsaSha256GetKlass: - * - * The RSA-SHA256 signature transform klass. - * - * Returns: RSA-SHA256 signature transform klass. - */ -xmlSecTransformId -xmlSecGCryptTransformRsaSha256GetKlass(void) { - return(&xmlSecGCryptRsaSha256Klass); -} - -#endif /* XMLSEC_NO_SHA256 */ - -#ifndef XMLSEC_NO_SHA384 -/**************************************************************************** - * - * RSA-SHA384 signature transform - * - ***************************************************************************/ -static xmlSecTransformKlass xmlSecGCryptRsaSha384Klass = { - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecGCryptPkSignatureSize, /* xmlSecSize objSize */ - - xmlSecNameRsaSha384, /* const xmlChar* name; */ - xmlSecHrefRsaSha384, /* const xmlChar* href; */ - xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ - - xmlSecGCryptPkSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecGCryptPkSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ - NULL, /* xmlSecTransformNodeReadMethod readNode; */ - NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecGCryptPkSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ - xmlSecGCryptPkSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - xmlSecGCryptPkSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ - xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ - xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ - xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ - NULL, /* xmlSecTransformPushXmlMethod pushXml; */ - NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecGCryptPkSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ - - NULL, /* void* reserved0; */ - NULL, /* void* reserved1; */ -}; - -/** - * xmlSecGCryptTransformRsaSha384GetKlass: - * - * The RSA-SHA384 signature transform klass. - * - * Returns: RSA-SHA384 signature transform klass. - */ -xmlSecTransformId -xmlSecGCryptTransformRsaSha384GetKlass(void) { - return(&xmlSecGCryptRsaSha384Klass); -} - -#endif /* XMLSEC_NO_SHA384 */ - -#ifndef XMLSEC_NO_SHA512 -/**************************************************************************** - * - * RSA-SHA512 signature transform - * - ***************************************************************************/ -static xmlSecTransformKlass xmlSecGCryptRsaSha512Klass = { - /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecGCryptPkSignatureSize, /* xmlSecSize objSize */ - - xmlSecNameRsaSha512, /* const xmlChar* name; */ - xmlSecHrefRsaSha512, /* const xmlChar* href; */ - xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ - - xmlSecGCryptPkSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecGCryptPkSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ - NULL, /* xmlSecTransformNodeReadMethod readNode; */ - NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecGCryptPkSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ - xmlSecGCryptPkSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - xmlSecGCryptPkSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ - xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ - xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ - xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ - NULL, /* xmlSecTransformPushXmlMethod pushXml; */ - NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecGCryptPkSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ - - NULL, /* void* reserved0; */ - NULL, /* void* reserved1; */ -}; - -/** - * xmlSecGCryptTransformRsaSha512GetKlass: - * - * The RSA-SHA512 signature transform klass. - * - * Returns: RSA-SHA512 signature transform klass. - */ -xmlSecTransformId -xmlSecGCryptTransformRsaSha512GetKlass(void) { - return(&xmlSecGCryptRsaSha512Klass); -} - -#endif /* XMLSEC_NO_SHA512 */ - -#endif /* XMLSEC_NO_RSA */ - - - |