summaryrefslogtreecommitdiff
path: root/src/gnutls
diff options
context:
space:
mode:
Diffstat (limited to 'src/gnutls')
-rw-r--r--src/gnutls/Makefile.am12
-rw-r--r--src/gnutls/Makefile.in96
-rw-r--r--src/gnutls/README11
-rw-r--r--src/gnutls/app.c1047
-rw-r--r--src/gnutls/asymkeys.c455
-rw-r--r--src/gnutls/ciphers.c824
-rw-r--r--src/gnutls/crypto.c304
-rw-r--r--src/gnutls/digests.c346
-rw-r--r--src/gnutls/globals.h11
-rw-r--r--src/gnutls/hmac.c584
-rw-r--r--src/gnutls/kw_aes.c72
-rw-r--r--src/gnutls/kw_des.c51
-rw-r--r--src/gnutls/signatures.c148
-rw-r--r--src/gnutls/symkeys.c379
-rw-r--r--src/gnutls/x509.c1960
-rw-r--r--src/gnutls/x509utils.c1687
-rw-r--r--src/gnutls/x509utils.h143
-rw-r--r--src/gnutls/x509vfy.c802
18 files changed, 2317 insertions, 6615 deletions
diff --git a/src/gnutls/Makefile.am b/src/gnutls/Makefile.am
index 84ce637a..7d639a34 100644
--- a/src/gnutls/Makefile.am
+++ b/src/gnutls/Makefile.am
@@ -24,15 +24,7 @@ libxmlsec1_gnutls_la_SOURCES =\
crypto.c \
digests.c \
hmac.c \
- kw_aes.c \
- kw_des.c \
symkeys.c \
- asymkeys.c \
- signatures.c \
- x509utils.h \
- x509utils.c \
- x509.c \
- x509vfy.c \
globals.h \
$(NULL)
@@ -40,13 +32,11 @@ if SHAREDLIB_HACK
libxmlsec1_gnutls_la_SOURCES += ../strings.c
endif
-# xmlsec-gnutls library requires xmlsec-gcrypt
libxmlsec1_gnutls_la_LIBADD = \
+ ../libxmlsec1.la \
$(GNUTLS_LIBS) \
$(LIBXSLT_LIBS) \
$(LIBXML_LIBS) \
- ../libxmlsec1.la \
- ../gcrypt/libxmlsec1-gcrypt.la \
$(NULL)
libxmlsec1_gnutls_la_DEPENDENCIES = \
diff --git a/src/gnutls/Makefile.in b/src/gnutls/Makefile.in
index 93a57352..f07a4b49 100644
--- a/src/gnutls/Makefile.in
+++ b/src/gnutls/Makefile.in
@@ -1,4 +1,4 @@
-# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# Makefile.in generated by automake 1.11 from Makefile.am.
# @configure_input@
# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
@@ -38,13 +38,10 @@ host_triplet = @host@
subdir = src/gnutls
DIST_COMMON = README $(srcdir)/Makefile.am $(srcdir)/Makefile.in
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
-am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
- $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
- $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
- $(top_srcdir)/configure.in
+am__aclocal_m4_deps = $(top_srcdir)/configure.in
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
-mkinstalldirs = $(install_sh) -d
+mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
CONFIG_HEADER = $(top_builddir)/config.h
CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
@@ -73,20 +70,13 @@ am__installdirs = "$(DESTDIR)$(libdir)"
LTLIBRARIES = $(lib_LTLIBRARIES)
am__DEPENDENCIES_1 =
am__libxmlsec1_gnutls_la_SOURCES_DIST = app.c ciphers.c crypto.c \
- digests.c hmac.c kw_aes.c kw_des.c symkeys.c asymkeys.c \
- signatures.c x509utils.h x509utils.c x509.c x509vfy.c \
- globals.h ../strings.c
+ digests.c hmac.c symkeys.c globals.h ../strings.c
am__objects_1 =
@SHAREDLIB_HACK_TRUE@am__objects_2 = libxmlsec1_gnutls_la-strings.lo
am_libxmlsec1_gnutls_la_OBJECTS = libxmlsec1_gnutls_la-app.lo \
libxmlsec1_gnutls_la-ciphers.lo libxmlsec1_gnutls_la-crypto.lo \
libxmlsec1_gnutls_la-digests.lo libxmlsec1_gnutls_la-hmac.lo \
- libxmlsec1_gnutls_la-kw_aes.lo libxmlsec1_gnutls_la-kw_des.lo \
- libxmlsec1_gnutls_la-symkeys.lo \
- libxmlsec1_gnutls_la-asymkeys.lo \
- libxmlsec1_gnutls_la-signatures.lo \
- libxmlsec1_gnutls_la-x509utils.lo libxmlsec1_gnutls_la-x509.lo \
- libxmlsec1_gnutls_la-x509vfy.lo $(am__objects_1) \
+ libxmlsec1_gnutls_la-symkeys.lo $(am__objects_1) \
$(am__objects_2)
libxmlsec1_gnutls_la_OBJECTS = $(am_libxmlsec1_gnutls_la_OBJECTS)
libxmlsec1_gnutls_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
@@ -134,10 +124,6 @@ ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
-GCRYPT_CFLAGS = @GCRYPT_CFLAGS@
-GCRYPT_CRYPTO_LIB = @GCRYPT_CRYPTO_LIB@
-GCRYPT_LIBS = @GCRYPT_LIBS@
-GCRYPT_MIN_VERSION = @GCRYPT_MIN_VERSION@
GNUTLS_CFLAGS = @GNUTLS_CFLAGS@
GNUTLS_CRYPTO_LIB = @GNUTLS_CRYPTO_LIB@
GNUTLS_LIBS = @GNUTLS_LIBS@
@@ -199,10 +185,8 @@ PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
-PKGCONFIG_PRESENT = @PKGCONFIG_PRESENT@
PKG_CONFIG = @PKG_CONFIG@
-PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@
-PKG_CONFIG_PATH = @PKG_CONFIG_PATH@
+PKG_CONFIG_ENABLED = @PKG_CONFIG_ENABLED@
RANLIB = @RANLIB@
RM = @RM@
SED = @SED@
@@ -229,8 +213,6 @@ XMLSEC_DL_INCLUDES = @XMLSEC_DL_INCLUDES@
XMLSEC_DL_LIBS = @XMLSEC_DL_LIBS@
XMLSEC_DOCDIR = @XMLSEC_DOCDIR@
XMLSEC_EXTRA_LDFLAGS = @XMLSEC_EXTRA_LDFLAGS@
-XMLSEC_GCRYPT_CFLAGS = @XMLSEC_GCRYPT_CFLAGS@
-XMLSEC_GCRYPT_LIBS = @XMLSEC_GCRYPT_LIBS@
XMLSEC_GNUTLS_CFLAGS = @XMLSEC_GNUTLS_CFLAGS@
XMLSEC_GNUTLS_LIBS = @XMLSEC_GNUTLS_LIBS@
XMLSEC_LIBDIR = @XMLSEC_LIBDIR@
@@ -240,7 +222,6 @@ XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_APPS_CRYPTO_DYNAMIC_LOADING@
XMLSEC_NO_CRYPTO_DYNAMIC_LOADING = @XMLSEC_NO_CRYPTO_DYNAMIC_LOADING@
XMLSEC_NO_DES = @XMLSEC_NO_DES@
XMLSEC_NO_DSA = @XMLSEC_NO_DSA@
-XMLSEC_NO_GCRYPT = @XMLSEC_NO_GCRYPT@
XMLSEC_NO_GNUTLS = @XMLSEC_NO_GNUTLS@
XMLSEC_NO_GOST = @XMLSEC_NO_GOST@
XMLSEC_NO_HMAC = @XMLSEC_NO_HMAC@
@@ -344,17 +325,12 @@ libxmlsec1_gnutls_la_CPPFLAGS = \
$(NULL)
libxmlsec1_gnutls_la_SOURCES = app.c ciphers.c crypto.c digests.c \
- hmac.c kw_aes.c kw_des.c symkeys.c asymkeys.c signatures.c \
- x509utils.h x509utils.c x509.c x509vfy.c globals.h $(NULL) \
- $(am__append_1)
-
-# xmlsec-gnutls library requires xmlsec-gcrypt
+ hmac.c symkeys.c globals.h $(NULL) $(am__append_1)
libxmlsec1_gnutls_la_LIBADD = \
+ ../libxmlsec1.la \
$(GNUTLS_LIBS) \
$(LIBXSLT_LIBS) \
$(LIBXML_LIBS) \
- ../libxmlsec1.la \
- ../gcrypt/libxmlsec1-gcrypt.la \
$(NULL)
libxmlsec1_gnutls_la_DEPENDENCIES = \
@@ -440,19 +416,12 @@ distclean-compile:
-rm -f *.tab.c
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-app.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-asymkeys.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-ciphers.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-crypto.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-digests.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-hmac.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-kw_aes.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-kw_des.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-signatures.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-strings.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-symkeys.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-x509.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-x509utils.Plo@am__quote@
-@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_gnutls_la-x509vfy.Plo@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
@@ -510,20 +479,6 @@ libxmlsec1_gnutls_la-hmac.lo: hmac.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-hmac.lo `test -f 'hmac.c' || echo '$(srcdir)/'`hmac.c
-libxmlsec1_gnutls_la-kw_aes.lo: kw_aes.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gnutls_la-kw_aes.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gnutls_la-kw_aes.Tpo -c -o libxmlsec1_gnutls_la-kw_aes.lo `test -f 'kw_aes.c' || echo '$(srcdir)/'`kw_aes.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_gnutls_la-kw_aes.Tpo $(DEPDIR)/libxmlsec1_gnutls_la-kw_aes.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='kw_aes.c' object='libxmlsec1_gnutls_la-kw_aes.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-kw_aes.lo `test -f 'kw_aes.c' || echo '$(srcdir)/'`kw_aes.c
-
-libxmlsec1_gnutls_la-kw_des.lo: kw_des.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gnutls_la-kw_des.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gnutls_la-kw_des.Tpo -c -o libxmlsec1_gnutls_la-kw_des.lo `test -f 'kw_des.c' || echo '$(srcdir)/'`kw_des.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_gnutls_la-kw_des.Tpo $(DEPDIR)/libxmlsec1_gnutls_la-kw_des.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='kw_des.c' object='libxmlsec1_gnutls_la-kw_des.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-kw_des.lo `test -f 'kw_des.c' || echo '$(srcdir)/'`kw_des.c
-
libxmlsec1_gnutls_la-symkeys.lo: symkeys.c
@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gnutls_la-symkeys.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gnutls_la-symkeys.Tpo -c -o libxmlsec1_gnutls_la-symkeys.lo `test -f 'symkeys.c' || echo '$(srcdir)/'`symkeys.c
@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_gnutls_la-symkeys.Tpo $(DEPDIR)/libxmlsec1_gnutls_la-symkeys.Plo
@@ -531,41 +486,6 @@ libxmlsec1_gnutls_la-symkeys.lo: symkeys.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-symkeys.lo `test -f 'symkeys.c' || echo '$(srcdir)/'`symkeys.c
-libxmlsec1_gnutls_la-asymkeys.lo: asymkeys.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gnutls_la-asymkeys.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gnutls_la-asymkeys.Tpo -c -o libxmlsec1_gnutls_la-asymkeys.lo `test -f 'asymkeys.c' || echo '$(srcdir)/'`asymkeys.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_gnutls_la-asymkeys.Tpo $(DEPDIR)/libxmlsec1_gnutls_la-asymkeys.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='asymkeys.c' object='libxmlsec1_gnutls_la-asymkeys.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-asymkeys.lo `test -f 'asymkeys.c' || echo '$(srcdir)/'`asymkeys.c
-
-libxmlsec1_gnutls_la-signatures.lo: signatures.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gnutls_la-signatures.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gnutls_la-signatures.Tpo -c -o libxmlsec1_gnutls_la-signatures.lo `test -f 'signatures.c' || echo '$(srcdir)/'`signatures.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_gnutls_la-signatures.Tpo $(DEPDIR)/libxmlsec1_gnutls_la-signatures.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='signatures.c' object='libxmlsec1_gnutls_la-signatures.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-signatures.lo `test -f 'signatures.c' || echo '$(srcdir)/'`signatures.c
-
-libxmlsec1_gnutls_la-x509utils.lo: x509utils.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gnutls_la-x509utils.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gnutls_la-x509utils.Tpo -c -o libxmlsec1_gnutls_la-x509utils.lo `test -f 'x509utils.c' || echo '$(srcdir)/'`x509utils.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_gnutls_la-x509utils.Tpo $(DEPDIR)/libxmlsec1_gnutls_la-x509utils.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='x509utils.c' object='libxmlsec1_gnutls_la-x509utils.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-x509utils.lo `test -f 'x509utils.c' || echo '$(srcdir)/'`x509utils.c
-
-libxmlsec1_gnutls_la-x509.lo: x509.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gnutls_la-x509.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gnutls_la-x509.Tpo -c -o libxmlsec1_gnutls_la-x509.lo `test -f 'x509.c' || echo '$(srcdir)/'`x509.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_gnutls_la-x509.Tpo $(DEPDIR)/libxmlsec1_gnutls_la-x509.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='x509.c' object='libxmlsec1_gnutls_la-x509.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-x509.lo `test -f 'x509.c' || echo '$(srcdir)/'`x509.c
-
-libxmlsec1_gnutls_la-x509vfy.lo: x509vfy.c
-@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gnutls_la-x509vfy.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gnutls_la-x509vfy.Tpo -c -o libxmlsec1_gnutls_la-x509vfy.lo `test -f 'x509vfy.c' || echo '$(srcdir)/'`x509vfy.c
-@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_gnutls_la-x509vfy.Tpo $(DEPDIR)/libxmlsec1_gnutls_la-x509vfy.Plo
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='x509vfy.c' object='libxmlsec1_gnutls_la-x509vfy.lo' libtool=yes @AMDEPBACKSLASH@
-@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_gnutls_la-x509vfy.lo `test -f 'x509vfy.c' || echo '$(srcdir)/'`x509vfy.c
-
libxmlsec1_gnutls_la-strings.lo: ../strings.c
@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_gnutls_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_gnutls_la-strings.lo -MD -MP -MF $(DEPDIR)/libxmlsec1_gnutls_la-strings.Tpo -c -o libxmlsec1_gnutls_la-strings.lo `test -f '../strings.c' || echo '$(srcdir)/'`../strings.c
@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/libxmlsec1_gnutls_la-strings.Tpo $(DEPDIR)/libxmlsec1_gnutls_la-strings.Plo
diff --git a/src/gnutls/README b/src/gnutls/README
index 404aa878..02c5fbbf 100644
--- a/src/gnutls/README
+++ b/src/gnutls/README
@@ -1,6 +1,9 @@
-The xmlsec-gnutls uses both libgcrypt and libgnutls because GnuTLS
-does not provide direct access to low-level crypto operations (digests,
-hmac, aes, des, etc.).
-
+The xmlsec-gnutls implementation is really limited and is not ready
+for production use. The only supported crypto transforms are:
+ - HMAC
+ - Tripple DES
+ - AES [128|192|256]
+ - SHA1
+ \ No newline at end of file
diff --git a/src/gnutls/app.c b/src/gnutls/app.c
index 856257f3..54da1999 100644
--- a/src/gnutls/app.c
+++ b/src/gnutls/app.c
@@ -1,15 +1,17 @@
-/**
+/**
* XMLSec library
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
#include <string.h>
+#include <gnutls/gnutls.h>
+
#include <xmlsec/xmlsec.h>
#include <xmlsec/keys.h>
#include <xmlsec/transforms.h>
@@ -17,56 +19,38 @@
#include <xmlsec/gnutls/app.h>
#include <xmlsec/gnutls/crypto.h>
-#include <xmlsec/gnutls/x509.h>
-
-#include "x509utils.h"
-
-/**************************************************************************
- *
- * We use xmlsec-gcrypt for all the basic crypto ops
- *
- *****************************************************************************/
-#include <xmlsec/gcrypt/crypto.h>
-#include <xmlsec/gcrypt/app.h>
-
-static xmlSecKeyPtr xmlSecGnuTLSAppKeyFromCertLoad (const char *filename,
- xmlSecKeyDataFormat format);
-static xmlSecKeyPtr xmlSecGnuTLSAppKeyFromCertLoadMemory (const xmlSecByte* data,
- xmlSecSize dataSize,
- xmlSecKeyDataFormat format);
/**
* xmlSecGnuTLSAppInit:
- * @config: the path to GnuTLS configuration (unused).
- *
+ * @config: the path to GnuTLS configuration (unused).
+ *
* General crypto engine initialization. This function is used
- * by XMLSec command line utility and called before
+ * by XMLSec command line utility and called before
* @xmlSecInit function.
*
* Returns: 0 on success or a negative value otherwise.
*/
int
-xmlSecGnuTLSAppInit(const char* config) {
- int err;
-
- err = gnutls_global_init();
- if(err != GNUTLS_E_SUCCESS) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_global_init",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_REPORT_ERROR(err));
- return(-1);
- }
+xmlSecGnuTLSAppInit(const char* config ATTRIBUTE_UNUSED) {
+ int ret;
- return(xmlSecGCryptAppInit(config));
+ ret = gnutls_global_init();
+ if(ret != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "gnutls_global_init",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "ret=%d", ret);
+ return(-1);
+ }
+ return(0);
}
/**
* xmlSecGnuTLSAppShutdown:
- *
+ *
* General crypto engine shutdown. This function is used
- * by XMLSec command line utility and called after
+ * by XMLSec command line utility and called after
* @xmlSecShutdown function.
*
* Returns: 0 on success or a negative value otherwise.
@@ -74,787 +58,304 @@ xmlSecGnuTLSAppInit(const char* config) {
int
xmlSecGnuTLSAppShutdown(void) {
gnutls_global_deinit();
-
- return(xmlSecGCryptAppShutdown());
+ return(0);
}
/**
* xmlSecGnuTLSAppKeyLoad:
- * @filename: the key filename.
- * @format: the key file format.
- * @pwd: the key file password.
- * @pwdCallback: the key password callback.
- * @pwdCallbackCtx: the user context for password callback.
+ * @filename: the key filename.
+ * @format: the key file format.
+ * @pwd: the key file password.
+ * @pwdCallback: the key password callback.
+ * @pwdCallbackCtx: the user context for password callback.
*
- * Reads key from the a file.
+ * Reads key from the a file (not implemented yet).
*
* Returns: pointer to the key or NULL if an error occurs.
*/
xmlSecKeyPtr
xmlSecGnuTLSAppKeyLoad(const char *filename, xmlSecKeyDataFormat format,
- const char *pwd,
- void* pwdCallback,
- void* pwdCallbackCtx) {
- xmlSecKeyPtr key;
-
+ const char *pwd,
+ void* pwdCallback,
+ void* pwdCallbackCtx) {
xmlSecAssert2(filename != NULL, NULL);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL);
+
- switch(format) {
-#ifndef XMLSEC_NO_X509
- case xmlSecKeyDataFormatPkcs12:
- key = xmlSecGnuTLSAppPkcs12Load(filename, pwd, pwdCallback, pwdCallbackCtx);
- break;
- case xmlSecKeyDataFormatCertPem:
- case xmlSecKeyDataFormatCertDer:
- key = xmlSecGnuTLSAppKeyFromCertLoad(filename, format);
- break;
-#endif /* XMLSEC_NO_X509 */
- default:
- key = xmlSecGCryptAppKeyLoad(filename, format, pwd, pwdCallback, pwdCallbackCtx);
- break;
+ if (format == xmlSecKeyDataFormatPkcs12) {
+ return (xmlSecGnuTLSAppPkcs12Load(filename, pwd, pwdCallback,
+ pwdCallbackCtx));
}
- return(key);
+ /* TODO */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSAppKeyLoad",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
/**
* xmlSecGnuTLSAppKeyLoadMemory:
- * @data: the binary key data.
- * @dataSize: the size of binary key.
- * @format: the key file format.
- * @pwd: the key file password.
- * @pwdCallback: the key password callback.
- * @pwdCallbackCtx: the user context for password callback.
+ * @data: the binary key data.
+ * @dataSize: the size of binary key.
+ * @format: the key file format.
+ * @pwd: the key file password.
+ * @pwdCallback: the key password callback.
+ * @pwdCallbackCtx: the user context for password callback.
*
- * Reads key from the memory buffer.
+ * Reads key from the memory buffer (not implemented yet).
*
* Returns: pointer to the key or NULL if an error occurs.
*/
xmlSecKeyPtr
-xmlSecGnuTLSAppKeyLoadMemory(const xmlSecByte* data, xmlSecSize dataSize,
- xmlSecKeyDataFormat format, const char *pwd,
- void* pwdCallback, void* pwdCallbackCtx) {
- xmlSecKeyPtr key;
-
+xmlSecGnuTLSAppKeyLoadMemory(const xmlSecByte* data, xmlSecSize dataSize,
+ xmlSecKeyDataFormat format, const char *pwd,
+ void* pwdCallback, void* pwdCallbackCtx) {
xmlSecAssert2(data != NULL, NULL);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL);
- switch(format) {
-#ifndef XMLSEC_NO_X509
- case xmlSecKeyDataFormatPkcs12:
- key = xmlSecGnuTLSAppPkcs12LoadMemory(data, dataSize, pwd, pwdCallback, pwdCallbackCtx);
- break;
- case xmlSecKeyDataFormatCertPem:
- case xmlSecKeyDataFormatCertDer:
- key = xmlSecGnuTLSAppKeyFromCertLoadMemory(data, dataSize, format);
- break;
-#endif /* XMLSEC_NO_X509 */
- default:
- key = xmlSecGCryptAppKeyLoadMemory(data, dataSize, format, pwd, pwdCallback, pwdCallbackCtx);
- break;
+ if (format == xmlSecKeyDataFormatPkcs12) {
+ return (xmlSecGnuTLSAppPkcs12LoadMemory(data, dataSize, pwd,
+ pwdCallback, pwdCallbackCtx));
}
- return(key);
+
+ /* TODO */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSAppKeyLoadMemory",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
#ifndef XMLSEC_NO_X509
/**
* xmlSecGnuTLSAppKeyCertLoad:
- * @key: the pointer to key.
- * @filename: the certificate filename.
- * @format: the certificate file format.
- *
- * Reads the certificate from $@filename and adds it to key.
+ * @key: the pointer to key.
+ * @filename: the certificate filename.
+ * @format: the certificate file format.
*
+ * Reads the certificate from $@filename and adds it to key
+ * (not implemented yet).
+ *
* Returns: 0 on success or a negative value otherwise.
*/
-int
-xmlSecGnuTLSAppKeyCertLoad(xmlSecKeyPtr key, const char* filename,
- xmlSecKeyDataFormat format) {
- xmlSecBuffer buffer;
- int ret;
-
+int
+xmlSecGnuTLSAppKeyCertLoad(xmlSecKeyPtr key, const char* filename,
+ xmlSecKeyDataFormat format) {
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(filename != NULL, -1);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
-
- ret = xmlSecBufferInitialize(&buffer, 4*1024);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- ret = xmlSecBufferReadFile(&buffer, filename);
- if((ret < 0) || (xmlSecBufferGetData(&buffer) == NULL) || (xmlSecBufferGetSize(&buffer) <= 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferReadFile",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "filename=%s",
- xmlSecErrorsSafeString(filename));
- xmlSecBufferFinalize(&buffer);
- return(-1);
- }
-
- ret = xmlSecGnuTLSAppKeyCertLoadMemory(key,
- xmlSecBufferGetData(&buffer),
- xmlSecBufferGetSize(&buffer),
- format);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSAppKeyCertLoadMemory",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "filename=%s",
- xmlSecErrorsSafeString(filename));
- xmlSecBufferFinalize(&buffer);
- return(-1);
- }
-
- /* cleanup */
- xmlSecBufferFinalize(&buffer);
- return(0);
+
+ /* TODO */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSAppKeyCertLoad",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
/**
* xmlSecGnuTLSAppKeyCertLoadMemory:
- * @key: the pointer to key.
- * @data: the certificate binary data.
- * @dataSize: the certificate binary data size.
- * @format: the certificate file format.
- *
- * Reads the certificate from memory buffer and adds it to key.
+ * @key: the pointer to key.
+ * @data: the certificate binary data.
+ * @dataSize: the certificate binary data size.
+ * @format: the certificate file format.
*
+ * Reads the certificate from memory buffer and adds it to key (not implemented yet).
+ *
* Returns: 0 on success or a negative value otherwise.
*/
-int
-xmlSecGnuTLSAppKeyCertLoadMemory(xmlSecKeyPtr key,
- const xmlSecByte* data,
- xmlSecSize dataSize,
- xmlSecKeyDataFormat format) {
- gnutls_x509_crt_t cert;
- xmlSecKeyDataPtr keyData;
- int ret;
-
+int
+xmlSecGnuTLSAppKeyCertLoadMemory(xmlSecKeyPtr key, const xmlSecByte* data, xmlSecSize dataSize,
+ xmlSecKeyDataFormat format) {
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(data != NULL, -1);
- xmlSecAssert2(dataSize > 0, -1);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
- keyData = xmlSecKeyEnsureData(key, xmlSecGnuTLSKeyDataX509Id);
- if(keyData == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyEnsureData",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- cert = xmlSecGnuTLSX509CertRead(data, dataSize, format);
- if(cert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSX509CertRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- ret = xmlSecGnuTLSKeyDataX509AdoptCert(keyData, cert);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSKeyDataX509AdoptCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- gnutls_x509_crt_deinit(cert);
- return(-1);
- }
-
- return(0);
+ /* TODO */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSAppKeyCertLoadMemory",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
/**
* xmlSecGnuTLSAppPkcs12Load:
- * @filename: the PKCS12 key filename.
- * @pwd: the PKCS12 file password.
- * @pwdCallback: the password callback.
- * @pwdCallbackCtx: the user context for password callback.
+ * @filename: the PKCS12 key filename.
+ * @pwd: the PKCS12 file password.
+ * @pwdCallback: the password callback.
+ * @pwdCallbackCtx: the user context for password callback.
*
- * Reads key and all associated certificates from the PKCS12 file.
+ * Reads key and all associated certificates from the PKCS12 file
+ * (not implemented yet).
* For uniformity, call xmlSecGnuTLSAppKeyLoad instead of this function. Pass
* in format=xmlSecKeyDataFormatPkcs12.
*
* Returns: pointer to the key or NULL if an error occurs.
*/
-xmlSecKeyPtr
-xmlSecGnuTLSAppPkcs12Load(const char *filename,
- const char *pwd,
- void* pwdCallback,
- void* pwdCallbackCtx) {
- xmlSecKeyPtr key;
- xmlSecBuffer buffer;
- int ret;
-
+xmlSecKeyPtr
+xmlSecGnuTLSAppPkcs12Load(const char *filename,
+ const char *pwd ATTRIBUTE_UNUSED,
+ void* pwdCallback ATTRIBUTE_UNUSED,
+ void* pwdCallbackCtx ATTRIBUTE_UNUSED) {
xmlSecAssert2(filename != NULL, NULL);
- ret = xmlSecBufferInitialize(&buffer, 4*1024);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
-
- ret = xmlSecBufferReadFile(&buffer, filename);
- if((ret < 0) || (xmlSecBufferGetData(&buffer) == NULL) || (xmlSecBufferGetSize(&buffer) <= 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferReadFile",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "filename=%s",
- xmlSecErrorsSafeString(filename));
- xmlSecBufferFinalize(&buffer);
- return(NULL);
- }
-
- key = xmlSecGnuTLSAppPkcs12LoadMemory(xmlSecBufferGetData(&buffer),
- xmlSecBufferGetSize(&buffer),
- pwd, pwdCallback, pwdCallbackCtx);
- if(key == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSAppPkcs12LoadMemory",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "filename=%s",
- xmlSecErrorsSafeString(filename));
- xmlSecBufferFinalize(&buffer);
- return(NULL);
- }
-
- /* cleanup */
- xmlSecBufferFinalize(&buffer);
- return(key);
+ /* TODO */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSAppPkcs12Load",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
/**
* xmlSecGnuTLSAppPkcs12LoadMemory:
- * @data: the PKCS12 binary data.
- * @dataSize: the PKCS12 binary data size.
- * @pwd: the PKCS12 file password.
- * @pwdCallback: the password callback.
- * @pwdCallbackCtx: the user context for password callback.
+ * @data: the PKCS12 binary data.
+ * @dataSize: the PKCS12 binary data size.
+ * @pwd: the PKCS12 file password.
+ * @pwdCallback: the password callback.
+ * @pwdCallbackCtx: the user context for password callback.
*
* Reads key and all associated certificates from the PKCS12 data in memory buffer.
* For uniformity, call xmlSecGnuTLSAppKeyLoadMemory instead of this function. Pass
- * in format=xmlSecKeyDataFormatPkcs12.
+ * in format=xmlSecKeyDataFormatPkcs12 (not implemented yet).
*
* Returns: pointer to the key or NULL if an error occurs.
*/
-xmlSecKeyPtr
-xmlSecGnuTLSAppPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize,
- const char *pwd,
- void* pwdCallback ATTRIBUTE_UNUSED,
- void* pwdCallbackCtx ATTRIBUTE_UNUSED)
-{
- xmlSecKeyPtr key = NULL;
- xmlSecKeyPtr res = NULL;
- xmlSecPtrList certsList;
- xmlSecKeyDataPtr keyData = NULL;
- xmlSecKeyDataPtr x509Data = NULL;
- gnutls_x509_privkey_t priv_key = NULL;
- gnutls_x509_crt_t key_cert = NULL;
- xmlSecSize certsSize;
- int ret;
-
+xmlSecKeyPtr
+xmlSecGnuTLSAppPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize,
+ const char *pwd, void* pwdCallback,
+ void* pwdCallbackCtx) {
xmlSecAssert2(data != NULL, NULL);
- xmlSecAssert2(dataSize > 0, NULL);
-
- /* prepare */
- ret = xmlSecPtrListInitialize(&(certsList), xmlSecGnuTLSX509CrtListId);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "certsList");
- return(NULL);
- }
-
- /* load pkcs12 */
- ret = xmlSecGnuTLSPkcs12LoadMemory(data, dataSize, pwd, &priv_key, &key_cert, &certsList);
- if((ret < 0) || (priv_key == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSPkcs12LoadMemory",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
-
- /* create key */
- key = xmlSecKeyCreate();
- if(key == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
-
- /* create key value data */
- keyData = xmlSecGnuTLSCreateKeyDataAndAdoptPrivKey(priv_key);
- if(keyData == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSCreateKeyDataAndAdoptPrivKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
- priv_key = NULL; /* owned by keyData now */
-
- ret = xmlSecKeySetValue(key, keyData);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeySetValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
- goto done;
- }
- keyData = NULL; /* owned by key now */
-
-
- /* create x509 certs data */
- certsSize = xmlSecPtrListGetSize(&certsList);
- if((certsSize > 0) || (key_cert != NULL)) {
- xmlSecSize ii;
-
- x509Data = xmlSecKeyDataCreate(xmlSecGnuTLSKeyDataX509Id);
- if(x509Data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyDataCreate(xmlSecGnuTLSKeyDataX509Id)",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
-
- /* set key's cert */
- if(key_cert != NULL) {
- ret = xmlSecGnuTLSKeyDataX509AdoptKeyCert(x509Data, key_cert);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSKeyDataX509AdoptKeyCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
- key_cert = NULL; /* owned by x509Data now */
- }
-
- /* copy all other certs */
- for(ii = 0; ii < certsSize; ++ii) {
- gnutls_x509_crt_t cert = xmlSecPtrListRemoveAndReturn(&certsList, ii);
- if(cert == NULL) {
- continue;
- }
-
- ret = xmlSecGnuTLSKeyDataX509AdoptCert(x509Data, cert);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSKeyDataX509AdoptCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- gnutls_x509_crt_deinit(cert);
- goto done;
- }
- }
-
- /* set in the key */
- ret = xmlSecKeyAdoptData(key, x509Data);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyAdoptData",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
- goto done;
- }
- x509Data = NULL; /* owned by key now */
- }
-
- /* success!!! */
- res = key;
- key = NULL;
-
-done:
- if(key_cert != NULL) {
- gnutls_x509_crt_deinit(key_cert);
- }
- if(priv_key != NULL) {
- gnutls_x509_privkey_deinit(priv_key);
- }
- if(keyData != NULL) {
- xmlSecKeyDataDestroy(keyData);
- }
- if(x509Data != NULL) {
- xmlSecKeyDataDestroy(x509Data);
- }
- if(key != NULL) {
- xmlSecKeyDestroy(key);
- }
- xmlSecPtrListFinalize(&certsList);
- return(res);
-}
-
-static xmlSecKeyPtr
-xmlSecGnuTLSAppKeyFromCertLoad(const char *filename,
- xmlSecKeyDataFormat format)
-{
- xmlSecKeyPtr key;
- xmlSecBuffer buffer;
- int ret;
-
- xmlSecAssert2(filename != NULL, NULL);
-
- ret = xmlSecBufferInitialize(&buffer, 4*1024);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
-
- ret = xmlSecBufferReadFile(&buffer, filename);
- if((ret < 0) || (xmlSecBufferGetData(&buffer) == NULL) || (xmlSecBufferGetSize(&buffer) <= 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferReadFile",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "filename=%s",
- xmlSecErrorsSafeString(filename));
- xmlSecBufferFinalize(&buffer);
- return(NULL);
- }
-
- key = xmlSecGnuTLSAppKeyFromCertLoadMemory(
- xmlSecBufferGetData(&buffer),
- xmlSecBufferGetSize(&buffer),
- format);
- if(key == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSAppKeyFromCertLoadMemory",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "filename=%s",
- xmlSecErrorsSafeString(filename));
- xmlSecBufferFinalize(&buffer);
- return(NULL);
- }
-
- /* cleanup */
- xmlSecBufferFinalize(&buffer);
- return(key);
-}
-
-static xmlSecKeyPtr
-xmlSecGnuTLSAppKeyFromCertLoadMemory(const xmlSecByte* data,
- xmlSecSize dataSize,
- xmlSecKeyDataFormat format)
-{
- xmlSecKeyPtr key = NULL;
- xmlSecKeyDataPtr keyData = NULL;
- xmlSecKeyDataPtr x509Data = NULL;
- gnutls_x509_crt_t cert = NULL;
- xmlSecKeyPtr res = NULL;
- int ret;
-
- xmlSecAssert2(data != NULL, NULL);
- xmlSecAssert2(dataSize > 0, NULL);
- xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL);
-
- /* read cert */
- cert = xmlSecGnuTLSX509CertRead(data, dataSize, format);
- if(cert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSX509CertRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
-
- /* create key */
- key = xmlSecKeyCreate();
- if(key == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
-
- /* create key value data */
- keyData = xmlSecGnuTLSX509CertGetKey(cert);
- if(keyData == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSX509CertGetKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
-
- ret = xmlSecKeySetValue(key, keyData);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeySetValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "data=%s",
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data)));
- goto done;
- }
- keyData = NULL; /* owned by key now */
-
- /* create x509 data */
- x509Data = xmlSecKeyEnsureData(key, xmlSecGnuTLSKeyDataX509Id);
- if(x509Data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyEnsureData",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
- ret = xmlSecGnuTLSKeyDataX509AdoptKeyCert(x509Data, cert);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSKeyDataX509AdoptKeyCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
- cert = NULL; /* owned by x509Data now */
-
- /* success */
- res = key;
- key = NULL;
-
-done:
- if(cert != NULL) {
- gnutls_x509_crt_deinit(cert);
- }
- if(keyData != NULL) {
- xmlSecKeyDataDestroy(keyData);
- }
- if(key != NULL) {
- xmlSecKeyDestroy(key);
- }
- return(res);
+ /* TODO */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSAppPkcs12LoadMemory",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(NULL);
}
/**
* xmlSecGnuTLSAppKeysMngrCertLoad:
- * @mngr: the keys manager.
- * @filename: the certificate file.
- * @format: the certificate file format.
- * @type: the flag that indicates is the certificate in @filename
- * trusted or not.
- *
+ * @mngr: the keys manager.
+ * @filename: the certificate file.
+ * @format: the certificate file format.
+ * @type: the flag that indicates is the certificate in @filename
+ * trusted or not.
+ *
* Reads cert from @filename and adds to the list of trusted or known
- * untrusted certs in @store.
+ * untrusted certs in @store (not implemented yet).
*
* Returns: 0 on success or a negative value otherwise.
*/
int
-xmlSecGnuTLSAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr,
- const char *filename,
- xmlSecKeyDataFormat format,
- xmlSecKeyDataType type) {
- xmlSecBuffer buffer;
- int ret;
-
+xmlSecGnuTLSAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr, const char *filename,
+ xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
xmlSecAssert2(mngr != NULL, -1);
xmlSecAssert2(filename != NULL, -1);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
- ret = xmlSecBufferInitialize(&buffer, 4*1024);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- ret = xmlSecBufferReadFile(&buffer, filename);
- if((ret < 0) || (xmlSecBufferGetData(&buffer) == NULL) || (xmlSecBufferGetSize(&buffer) <= 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferReadFile",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "filename=%s",
- xmlSecErrorsSafeString(filename));
- xmlSecBufferFinalize(&buffer);
- return(-1);
- }
-
- ret = xmlSecGnuTLSAppKeysMngrCertLoadMemory(mngr,
- xmlSecBufferGetData(&buffer),
- xmlSecBufferGetSize(&buffer),
- format,
- type);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSAppKeysMngrCertLoadMemory",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "filename=%s",
- xmlSecErrorsSafeString(filename));
- xmlSecBufferFinalize(&buffer);
- return(-1);
- }
-
- /* cleanup */
- xmlSecBufferFinalize(&buffer);
- return(0);
+ /* TODO */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSAppKeysMngrCertLoad",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
/**
* xmlSecGnuTLSAppKeysMngrCertLoadMemory:
- * @mngr: the keys manager.
- * @data: the certificate binary data.
- * @dataSize: the certificate binary data size.
- * @format: the certificate file format.
- * @type: the flag that indicates is the certificate trusted or not.
- *
+ * @mngr: the keys manager.
+ * @data: the certificate binary data.
+ * @dataSize: the certificate binary data size.
+ * @format: the certificate file format.
+ * @type: the flag that indicates is the certificate trusted or not.
+ *
* Reads cert from binary buffer @data and adds to the list of trusted or known
- * untrusted certs in @store.
+ * untrusted certs in @store (not implemented yet).
*
* Returns: 0 on success or a negative value otherwise.
*/
int
-xmlSecGnuTLSAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr mngr,
- const xmlSecByte* data,
- xmlSecSize dataSize,
- xmlSecKeyDataFormat format,
- xmlSecKeyDataType type) {
- xmlSecKeyDataStorePtr x509Store;
- gnutls_x509_crt_t cert;
- int ret;
-
+xmlSecGnuTLSAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr mngr, const xmlSecByte* data,
+ xmlSecSize dataSize, xmlSecKeyDataFormat format,
+ xmlSecKeyDataType type) {
xmlSecAssert2(mngr != NULL, -1);
xmlSecAssert2(data != NULL, -1);
- xmlSecAssert2(dataSize > 0, -1);
xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1);
- x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecGnuTLSX509StoreId);
- if(x509Store == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeysMngrGetDataStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "xmlSecGnuTLSX509StoreId");
- return(-1);
- }
-
- cert = xmlSecGnuTLSX509CertRead(data, dataSize, format);
- if(cert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSX509CertRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- ret = xmlSecGnuTLSX509StoreAdoptCert(x509Store, cert, type);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSX509StoreAdoptCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- gnutls_x509_crt_deinit(cert);
- return(-1);
- }
-
- return(0);
+ /* TODO */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSAppKeysMngrCertLoadMemory",
+ XMLSEC_ERRORS_R_NOT_IMPLEMENTED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
#endif /* XMLSEC_NO_X509 */
/**
* xmlSecGnuTLSAppDefaultKeysMngrInit:
- * @mngr: the pointer to keys manager.
+ * @mngr: the pointer to keys manager.
*
* Initializes @mngr with simple keys store #xmlSecSimpleKeysStoreId
* and a default GnuTLS crypto key data stores.
*
* Returns: 0 on success or a negative value otherwise.
- */
+ */
int
xmlSecGnuTLSAppDefaultKeysMngrInit(xmlSecKeysMngrPtr mngr) {
int ret;
-
+
xmlSecAssert2(mngr != NULL, -1);
- /* create simple keys store if needed */
+ /* create simple keys store if needed */
if(xmlSecKeysMngrGetKeysStore(mngr) == NULL) {
- xmlSecKeyStorePtr keysStore;
-
- keysStore = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId);
- if(keysStore == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyStoreCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "xmlSecSimpleKeysStoreId");
- return(-1);
- }
-
- ret = xmlSecKeysMngrAdoptKeysStore(mngr, keysStore);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeysMngrAdoptKeysStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyStoreDestroy(keysStore);
- return(-1);
- }
- }
-
- ret = xmlSecGnuTLSKeysMngrInit(mngr);
+ xmlSecKeyStorePtr keysStore;
+
+ keysStore = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId);
+ if(keysStore == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeyStoreCreate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "xmlSecSimpleKeysStoreId");
+ return(-1);
+ }
+
+ ret = xmlSecKeysMngrAdoptKeysStore(mngr, keysStore);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrAdoptKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ xmlSecKeyStoreDestroy(keysStore);
+ return(-1);
+ }
+ }
+
+ ret = xmlSecGnuTLSKeysMngrInit(mngr);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSKeysMngrInit",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecGnuTLSKeysMngrInit",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
/* TODO */
mngr->getKey = xmlSecKeysMngrGetKey;
return(0);
@@ -862,125 +363,125 @@ xmlSecGnuTLSAppDefaultKeysMngrInit(xmlSecKeysMngrPtr mngr) {
/**
* xmlSecGnuTLSAppDefaultKeysMngrAdoptKey:
- * @mngr: the pointer to keys manager.
- * @key: the pointer to key.
+ * @mngr: the pointer to keys manager.
+ * @key: the pointer to key.
*
* Adds @key to the keys manager @mngr created with #xmlSecGnuTLSAppDefaultKeysMngrInit
* function.
- *
+ *
* Returns: 0 on success or a negative value otherwise.
- */
-int
+ */
+int
xmlSecGnuTLSAppDefaultKeysMngrAdoptKey(xmlSecKeysMngrPtr mngr, xmlSecKeyPtr key) {
xmlSecKeyStorePtr store;
int ret;
-
+
xmlSecAssert2(mngr != NULL, -1);
xmlSecAssert2(key != NULL, -1);
-
+
store = xmlSecKeysMngrGetKeysStore(mngr);
if(store == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeysMngrGetKeysStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
ret = xmlSecSimpleKeysStoreAdoptKey(store, key);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSimpleKeysStoreAdoptKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSimpleKeysStoreAdoptKey",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
return(0);
}
/**
* xmlSecGnuTLSAppDefaultKeysMngrLoad:
- * @mngr: the pointer to keys manager.
- * @uri: the uri.
+ * @mngr: the pointer to keys manager.
+ * @uri: the uri.
*
- * Loads XML keys file from @uri to the keys manager @mngr created
+ * Loads XML keys file from @uri to the keys manager @mngr created
* with #xmlSecGnuTLSAppDefaultKeysMngrInit function.
- *
+ *
* Returns: 0 on success or a negative value otherwise.
- */
-int
+ */
+int
xmlSecGnuTLSAppDefaultKeysMngrLoad(xmlSecKeysMngrPtr mngr, const char* uri) {
xmlSecKeyStorePtr store;
int ret;
-
+
xmlSecAssert2(mngr != NULL, -1);
xmlSecAssert2(uri != NULL, -1);
-
+
store = xmlSecKeysMngrGetKeysStore(mngr);
if(store == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeysMngrGetKeysStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
ret = xmlSecSimpleKeysStoreLoad(store, uri, mngr);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSimpleKeysStoreLoad",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "uri=%s", xmlSecErrorsSafeString(uri));
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSimpleKeysStoreLoad",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "uri=%s", xmlSecErrorsSafeString(uri));
+ return(-1);
+ }
+
return(0);
}
/**
* xmlSecGnuTLSAppDefaultKeysMngrSave:
- * @mngr: the pointer to keys manager.
- * @filename: the destination filename.
- * @type: the type of keys to save (public/private/symmetric).
+ * @mngr: the pointer to keys manager.
+ * @filename: the destination filename.
+ * @type: the type of keys to save (public/private/symmetric).
*
* Saves keys from @mngr to XML keys file.
- *
+ *
* Returns: 0 on success or a negative value otherwise.
- */
-int
+ */
+int
xmlSecGnuTLSAppDefaultKeysMngrSave(xmlSecKeysMngrPtr mngr, const char* filename, xmlSecKeyDataType type) {
xmlSecKeyStorePtr store;
int ret;
-
+
xmlSecAssert2(mngr != NULL, -1);
xmlSecAssert2(filename != NULL, -1);
-
+
store = xmlSecKeysMngrGetKeysStore(mngr);
if(store == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeysMngrGetKeysStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecKeysMngrGetKeysStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
ret = xmlSecSimpleKeysStoreSave(store, filename, type);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecSimpleKeysStoreSave",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "filename=%s",
- xmlSecErrorsSafeString(filename));
- return(-1);
- }
-
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecSimpleKeysStoreSave",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "filename=%s",
+ xmlSecErrorsSafeString(filename));
+ return(-1);
+ }
+
return(0);
}
diff --git a/src/gnutls/asymkeys.c b/src/gnutls/asymkeys.c
deleted file mode 100644
index 6ac68a78..00000000
--- a/src/gnutls/asymkeys.c
+++ /dev/null
@@ -1,455 +0,0 @@
-/**
- * XMLSec library
- *
- * This is free software; see Copyright file in the source
- * distribution for preciese wording.
- *
- * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com>
- */
-#include "globals.h"
-
-#include <string.h>
-
-#include <gnutls/gnutls.h>
-#include <gnutls/x509.h>
-
-#include <xmlsec/xmlsec.h>
-#include <xmlsec/xmltree.h>
-#include <xmlsec/keys.h>
-#include <xmlsec/base64.h>
-#include <xmlsec/keyinfo.h>
-#include <xmlsec/transforms.h>
-#include <xmlsec/errors.h>
-
-#include <xmlsec/gnutls/crypto.h>
-
-/**************************************************************************
- *
- * We use xmlsec-gcrypt for all the basic crypto ops
- *
- *****************************************************************************/
-#include <xmlsec/gcrypt/crypto.h>
-#include <gcrypt.h>
-
-static void xmlSecGnuTLSDestroyParams(gnutls_datum_t * params, xmlSecSize num) {
- xmlSecSize ii;
-
- xmlSecAssert(params != NULL);
- for(ii = 0; ii < num; ++ii) {
- gnutls_free(params[ii].data);
- }
-}
-
-static void xmlSecGnuTLSDestroyMpis(gcry_mpi_t * mpis, xmlSecSize num) {
- xmlSecSize ii;
-
- xmlSecAssert(mpis != NULL);
- for(ii = 0; ii < num; ++ii) {
- gcry_mpi_release(mpis[ii]);
- }
-}
-
-static int xmlSecGnuTLSConvertParamsToMpis(gnutls_datum_t * params, xmlSecSize paramsNum,
- gcry_mpi_t * mpis, xmlSecSize mpisNum) {
-
- xmlSecSize ii;
- int rc;
-
- xmlSecAssert2(params != NULL, -1);
- xmlSecAssert2(mpis != NULL, -1);
- xmlSecAssert2(paramsNum == mpisNum, -1);
-
- for(ii = 0; ii < paramsNum; ++ii) {
- rc = gcry_mpi_scan(&(mpis[ii]), GCRYMPI_FMT_USG, params[ii].data, params[ii].size, NULL);
- if((rc != GPG_ERR_NO_ERROR) || (mpis[ii] == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gcry_mpi_scan",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(rc));
- xmlSecGnuTLSDestroyMpis(mpis, ii); /* destroy up to now */
- return(-1);
- }
- }
-
- /* done */
- return(0);
-}
-
-#ifndef XMLSEC_NO_DSA
-
-/**
- * xmlSecGnuTLSKeyDataDsaGetKlass:
- *
- * The DSA key data klass.
- *
- * Returns: pointer to DSA key data klass.
- */
-xmlSecKeyDataId
-xmlSecGnuTLSKeyDataDsaGetKlass(void) {
- return (xmlSecGCryptKeyDataDsaGetKlass());
-}
-
-/**
- * xmlSecGnuTLSKeyDataDsaAdoptPrivateKey:
- * @data: the pointer to DSA key data.
- * @dsa_key: the pointer to GnuTLS DSA private key.
- *
- * Sets the value of DSA key data.
- *
- * Returns: 0 on success or a negative value otherwise.
- */
-int
-xmlSecGnuTLSKeyDataDsaAdoptPrivateKey(xmlSecKeyDataPtr data, gnutls_x509_privkey_t dsa_key) {
- gnutls_datum_t params[5];
- gcry_mpi_t mpis[5];
- gcry_sexp_t priv_key = NULL;
- gcry_sexp_t pub_key = NULL;
- int rc;
- int err;
- int ret;
-
- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataDsaId), -1);
- xmlSecAssert2(dsa_key != NULL, -1);
- xmlSecAssert2(gnutls_x509_privkey_get_pk_algorithm(dsa_key) == GNUTLS_PK_DSA, -1);
-
- /* get raw values */
- err = gnutls_x509_privkey_export_dsa_raw(dsa_key,
- &(params[0]), &(params[1]), &(params[2]),
- &(params[3]), &(params[4]));
- if(err != GNUTLS_E_SUCCESS) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_x509_privkey_export_dsa_raw",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_REPORT_ERROR(err));
- return(-1);
- }
-
- /* convert to mpis */
- ret = xmlSecGnuTLSConvertParamsToMpis(
- params, sizeof(params)/sizeof(params[0]),
- mpis, sizeof(mpis)/sizeof(mpis[0]));
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSConvertParamsToMpis",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecGnuTLSDestroyParams(params, sizeof(params)/sizeof(params[0]));
- return(-1);
- }
- xmlSecGnuTLSDestroyParams(params, sizeof(params)/sizeof(params[0]));
-
- /* build expressions */
- rc = gcry_sexp_build(&(priv_key), NULL, "(private-key(dsa(p%m)(q%m)(g%m)(y%m)(x%m)))",
- mpis[0], mpis[1], mpis[2], mpis[3], mpis[4]);
- if((rc != GPG_ERR_NO_ERROR) || (priv_key == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gcry_sexp_build(private/dsa)",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(rc));
- xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0]));
- return(-1);
- }
- rc = gcry_sexp_build(&(pub_key), NULL, "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))",
- mpis[0], mpis[1], mpis[2], mpis[3]);
- if((rc != GPG_ERR_NO_ERROR) || (pub_key == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gcry_sexp_build(private/rsa)",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(rc));
- gcry_sexp_release(priv_key);
- xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0]));
- return(-1);
- }
- xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0]));
-
- ret = xmlSecGCryptKeyDataDsaAdoptKeyPair(data, pub_key, priv_key);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGCryptKeyDataDsaAdoptKeyPair",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- gcry_sexp_release(pub_key);
- gcry_sexp_release(priv_key);
- return(-1);
- }
-
- /* done, we "adopted" the key - destroy it! */
- gnutls_x509_privkey_deinit(dsa_key);
- return(0);
-}
-
-
-/**
- * xmlSecGnuTLSKeyDataDsaAdoptPublicKey:
- * @data: the pointer to DSA key data.
- * @p: the pointer to p component of the DSA public key
- * @q: the pointer to q component of the DSA public key
- * @g: the pointer to g component of the DSA public key
- * @y: the pointer to y component of the DSA public key
- *
- * Sets the value of DSA key data.
- *
- * Returns: 0 on success or a negative value otherwise.
- */
-int
-xmlSecGnuTLSKeyDataDsaAdoptPublicKey(xmlSecKeyDataPtr data,
- gnutls_datum_t * p, gnutls_datum_t * q,
- gnutls_datum_t * g, gnutls_datum_t * y) {
- gnutls_datum_t params[4];
- gcry_mpi_t mpis[4];
- gcry_sexp_t pub_key = NULL;
- int rc;
- int ret;
-
- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataDsaId), -1);
- xmlSecAssert2(p != NULL, -1);
- xmlSecAssert2(q != NULL, -1);
- xmlSecAssert2(g != NULL, -1);
- xmlSecAssert2(y != NULL, -1);
-
- /* copy */
- memcpy(&(params[0]), p, sizeof(*p));
- memcpy(&(params[1]), q, sizeof(*q));
- memcpy(&(params[2]), g, sizeof(*g));
- memcpy(&(params[3]), y, sizeof(*y));
-
- /* convert to mpis */
- ret = xmlSecGnuTLSConvertParamsToMpis(
- params, sizeof(params)/sizeof(params[0]),
- mpis, sizeof(mpis)/sizeof(mpis[0]));
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSConvertParamsToMpis",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- /* don't destroy params - we got them from outside !!! */
- return(-1);
- }
- /* don't destroy params - we got them from outside !!! */
-
- /* build expressions */
- rc = gcry_sexp_build(&(pub_key), NULL, "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))",
- mpis[0], mpis[1], mpis[2], mpis[3]);
- if((rc != GPG_ERR_NO_ERROR) || (pub_key == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gcry_sexp_build(private/rsa)",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(rc));
- xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0]));
- return(-1);
- }
- xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0]));
-
- ret = xmlSecGCryptKeyDataDsaAdoptKeyPair(data, pub_key, NULL);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGCryptKeyDataDsaAdoptKeyPair",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- gcry_sexp_release(pub_key);
- return(-1);
- }
-
- /* done, we "adopted" the key - destroy it! */
- gnutls_free(p->data);
- gnutls_free(q->data);
- gnutls_free(g->data);
- gnutls_free(y->data);
- return(0);
-}
-
-#endif /* XMLSEC_NO_DSA */
-
-
-#ifndef XMLSEC_NO_RSA
-
-/**
- * xmlSecGnuTLSKeyDataRsaGetKlass:
- *
- * The GnuTLS RSA key data klass.
- *
- * Returns: pointer to GnuTLS RSA key data klass.
- */
-xmlSecKeyDataId
-xmlSecGnuTLSKeyDataRsaGetKlass(void) {
- return (xmlSecGCryptKeyDataRsaGetKlass());
-}
-
-/**
- * xmlSecGnuTLSKeyDataRsaAdoptPrivateKey:
- * @data: the pointer to RSA key data.
- * @rsa_key: the pointer to GnuTLS RSA private key.
- *
- * Sets the value of RSA key data.
- *
- * Returns: 0 on success or a negative value otherwise.
- */
-int
-xmlSecGnuTLSKeyDataRsaAdoptPrivateKey(xmlSecKeyDataPtr data, gnutls_x509_privkey_t rsa_key) {
- gnutls_datum_t params[6];
- gcry_mpi_t mpis[6];
- gcry_sexp_t priv_key = NULL;
- gcry_sexp_t pub_key = NULL;
- int rc;
- int err;
- int ret;
-
- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataRsaId), -1);
- xmlSecAssert2(rsa_key != NULL, -1);
- xmlSecAssert2(gnutls_x509_privkey_get_pk_algorithm(rsa_key) == GNUTLS_PK_RSA, -1);
-
- /* get raw values */
- err = gnutls_x509_privkey_export_rsa_raw(rsa_key,
- &(params[0]), &(params[1]), &(params[2]),
- &(params[3]), &(params[4]), &(params[5]));
- if(err != GNUTLS_E_SUCCESS) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_x509_privkey_export_rsa_raw",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_REPORT_ERROR(err));
- return(-1);
- }
-
- /* convert to mpis */
- ret = xmlSecGnuTLSConvertParamsToMpis(
- params, sizeof(params)/sizeof(params[0]),
- mpis, sizeof(mpis)/sizeof(mpis[0]));
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSConvertParamsToMpis",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecGnuTLSDestroyParams(params, sizeof(params)/sizeof(params[0]));
- return(-1);
- }
- xmlSecGnuTLSDestroyParams(params, sizeof(params)/sizeof(params[0]));
-
- /* build expressions */
- rc = gcry_sexp_build(&(priv_key), NULL, "(private-key(rsa((n%m)(e%m)(d%m)(p%m)(q%m)(u%m))))",
- mpis[0], mpis[1], mpis[2],
- mpis[3], mpis[4], mpis[5]);
- if((rc != GPG_ERR_NO_ERROR) || (priv_key == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gcry_sexp_build(private/rsa)",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(rc));
- xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0]));
- return(-1);
- }
- rc = gcry_sexp_build(&(pub_key), NULL, "(public-key(rsa((n%m)(e%m))))",
- mpis[0], mpis[1]);
- if((rc != GPG_ERR_NO_ERROR) || (pub_key == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gcry_sexp_build(private/rsa)",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(rc));
- gcry_sexp_release(priv_key);
- xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0]));
- return(-1);
- }
- xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0]));
-
- ret = xmlSecGCryptKeyDataRsaAdoptKeyPair(data, pub_key, priv_key);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGCryptKeyDataRsaAdoptKeyPair",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- gcry_sexp_release(pub_key);
- gcry_sexp_release(priv_key);
- return(-1);
- }
-
- /* done, we "adopted" the key - destroy it! */
- gnutls_x509_privkey_deinit(rsa_key);
- return(0);
-}
-
-
-/**
- * xmlSecGnuTLSKeyDataRsaAdoptPublicKey:
- * @data: the pointer to RSA key data.
- * @m: the pointer to m component of the RSA public key
- * @e: the pointer to e component of the RSA public key
- *
- * Sets the value of RSA key data.
- *
- * Returns: 0 on success or a negative value otherwise.
- */
-int
-xmlSecGnuTLSKeyDataRsaAdoptPublicKey(xmlSecKeyDataPtr data,
- gnutls_datum_t * m, gnutls_datum_t * e) {
- gnutls_datum_t params[2];
- gcry_mpi_t mpis[2];
- gcry_sexp_t pub_key = NULL;
- int rc;
- int ret;
-
- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataRsaId), -1);
- xmlSecAssert2(m != NULL, -1);
- xmlSecAssert2(e != NULL, -1);
-
- /* copy */
- memcpy(&(params[0]), m, sizeof(*m));
- memcpy(&(params[1]), e, sizeof(*e));
-
- /* convert to mpis */
- ret = xmlSecGnuTLSConvertParamsToMpis(
- params, sizeof(params)/sizeof(params[0]),
- mpis, sizeof(mpis)/sizeof(mpis[0]));
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSConvertParamsToMpis",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- /* don't destroy params - we got them from outside !!! */
- return(-1);
- }
- /* don't destroy params - we got them from outside !!! */
-
- /* build expressions */
- rc = gcry_sexp_build(&(pub_key), NULL, "(public-key(rsa((n%m)(e%m))))",
- mpis[0], mpis[1]);
- if((rc != GPG_ERR_NO_ERROR) || (pub_key == NULL)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gcry_sexp_build(private/rsa)",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(rc));
- xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0]));
- return(-1);
- }
- xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0]));
-
- ret = xmlSecGCryptKeyDataRsaAdoptKeyPair(data, pub_key, NULL);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGCryptKeyDataRsaAdoptKeyPair",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- gcry_sexp_release(pub_key);
- return(-1);
- }
-
- /* done, we "adopted" the key - destroy it! */
- gnutls_free(m->data);
- gnutls_free(e->data);
- return(0);
-}
-#endif /* XMLSEC_NO_RSA */
diff --git a/src/gnutls/ciphers.c b/src/gnutls/ciphers.c
index eacfede6..b9421597 100644
--- a/src/gnutls/ciphers.c
+++ b/src/gnutls/ciphers.c
@@ -1,15 +1,18 @@
-/**
+/**
* XMLSec library
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
#include <string.h>
+#include <gnutls/gnutls.h>
+#include <gcrypt.h>
+
#include <xmlsec/xmlsec.h>
#include <xmlsec/keys.h>
#include <xmlsec/transforms.h>
@@ -19,64 +22,839 @@
/**************************************************************************
*
- * We use xmlsec-gcrypt for all the basic crypto ops
+ * Internal GnuTLS Block cipher CTX
+ *
+ *****************************************************************************/
+typedef struct _xmlSecGnuTLSBlockCipherCtx xmlSecGnuTLSBlockCipherCtx,
+ *xmlSecGnuTLSBlockCipherCtxPtr;
+struct _xmlSecGnuTLSBlockCipherCtx {
+ int cipher;
+ int mode;
+ GcryCipherHd cipherCtx;
+ xmlSecKeyDataId keyId;
+ int keyInitialized;
+ int ctxInitialized;
+};
+
+static int xmlSecGnuTLSBlockCipherCtxInit (xmlSecGnuTLSBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in,
+ xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecGnuTLSBlockCipherCtxUpdate (xmlSecGnuTLSBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in,
+ xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecGnuTLSBlockCipherCtxFinal (xmlSecGnuTLSBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in,
+ xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx);
+static int
+xmlSecGnuTLSBlockCipherCtxInit(xmlSecGnuTLSBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in, xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx) {
+ int blockLen;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->cipher != 0, -1);
+ xmlSecAssert2(ctx->cipherCtx != NULL, -1);
+ xmlSecAssert2(ctx->keyInitialized != 0, -1);
+ xmlSecAssert2(ctx->ctxInitialized == 0, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ /* iv len == block len */
+ blockLen = gcry_cipher_get_algo_blklen(ctx->cipher);
+ xmlSecAssert2(blockLen > 0, -1);
+
+ if(encrypt) {
+ xmlSecByte* iv;
+ xmlSecSize outSize;
+
+ /* allocate space for IV */
+ outSize = xmlSecBufferGetSize(out);
+ ret = xmlSecBufferSetSize(out, outSize + blockLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + blockLen);
+ return(-1);
+ }
+ iv = xmlSecBufferGetData(out) + outSize;
+
+ /* generate and use random iv */
+ gcry_randomize(iv, blockLen, GCRY_STRONG_RANDOM);
+ ret = gcry_cipher_setiv(ctx->cipherCtx, iv, blockLen);
+ if(ret != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "gcry_cipher_setiv",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "ret=%d", ret);
+ return(-1);
+ }
+ } else {
+ /* if we don't have enough data, exit and hope that
+ * we'll have iv next time */
+ if(xmlSecBufferGetSize(in) < (xmlSecSize)blockLen) {
+ return(0);
+ }
+ xmlSecAssert2(xmlSecBufferGetData(in) != NULL, -1);
+
+ /* set iv */
+ ret = gcry_cipher_setiv(ctx->cipherCtx, xmlSecBufferGetData(in), blockLen);
+ if(ret != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "gcry_cipher_setiv",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "ret=%d", ret);
+ return(-1);
+ }
+
+ /* and remove from input */
+ ret = xmlSecBufferRemoveHead(in, blockLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", blockLen);
+ return(-1);
+ }
+ }
+
+ ctx->ctxInitialized = 1;
+ return(0);
+}
+
+static int
+xmlSecGnuTLSBlockCipherCtxUpdate(xmlSecGnuTLSBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in, xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx) {
+ xmlSecSize inSize, inBlocks, outSize;
+ int blockLen;
+ xmlSecByte* outBuf;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->cipher != 0, -1);
+ xmlSecAssert2(ctx->cipherCtx != NULL, -1);
+ xmlSecAssert2(ctx->ctxInitialized != 0, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ blockLen = gcry_cipher_get_algo_blklen(ctx->cipher);
+ xmlSecAssert2(blockLen > 0, -1);
+
+ inSize = xmlSecBufferGetSize(in);
+ outSize = xmlSecBufferGetSize(out);
+
+ if(inSize < (xmlSecSize)blockLen) {
+ return(0);
+ }
+
+ if(encrypt) {
+ inBlocks = inSize / ((xmlSecSize)blockLen);
+ } else {
+ /* we want to have the last block in the input buffer
+ * for padding check */
+ inBlocks = (inSize - 1) / ((xmlSecSize)blockLen);
+ }
+ inSize = inBlocks * ((xmlSecSize)blockLen);
+
+ /* we write out the input size plus may be one block */
+ ret = xmlSecBufferSetMaxSize(out, outSize + inSize + blockLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + inSize + blockLen);
+ return(-1);
+ }
+ outBuf = xmlSecBufferGetData(out) + outSize;
+
+ if(encrypt) {
+ ret = gcry_cipher_encrypt(ctx->cipherCtx, outBuf, inSize + blockLen,
+ xmlSecBufferGetData(in), inSize);
+ if(ret != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "gcry_cipher_encrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "ret=%d", ret);
+ return(-1);
+ }
+ } else {
+ ret = gcry_cipher_decrypt(ctx->cipherCtx, outBuf, inSize + blockLen,
+ xmlSecBufferGetData(in), inSize);
+ if(ret != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "gcry_cipher_decrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "ret=%d", ret);
+ return(-1);
+ }
+ }
+
+ /* set correct output buffer size */
+ ret = xmlSecBufferSetSize(out, outSize + inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + inSize);
+ return(-1);
+ }
+
+ /* remove the processed block from input */
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+ return(0);
+}
+
+static int
+xmlSecGnuTLSBlockCipherCtxFinal(xmlSecGnuTLSBlockCipherCtxPtr ctx,
+ xmlSecBufferPtr in,
+ xmlSecBufferPtr out,
+ int encrypt,
+ const xmlChar* cipherName,
+ xmlSecTransformCtxPtr transformCtx) {
+ xmlSecSize inSize, outSize;
+ int blockLen, outLen = 0;
+ xmlSecByte* inBuf;
+ xmlSecByte* outBuf;
+ int ret;
+
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->cipher != 0, -1);
+ xmlSecAssert2(ctx->cipherCtx != NULL, -1);
+ xmlSecAssert2(ctx->ctxInitialized != 0, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ blockLen = gcry_cipher_get_algo_blklen(ctx->cipher);
+ xmlSecAssert2(blockLen > 0, -1);
+
+ inSize = xmlSecBufferGetSize(in);
+ outSize = xmlSecBufferGetSize(out);
+
+ if(encrypt != 0) {
+ xmlSecAssert2(inSize < (xmlSecSize)blockLen, -1);
+
+ /* create padding */
+ ret = xmlSecBufferSetMaxSize(in, blockLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", blockLen);
+ return(-1);
+ }
+ inBuf = xmlSecBufferGetData(in);
+
+ /* create random padding */
+ if((xmlSecSize)blockLen > (inSize + 1)) {
+ gcry_randomize(inBuf + inSize, blockLen - inSize - 1,
+ GCRY_STRONG_RANDOM); /* as usual, we are paranoid */
+ }
+ inBuf[blockLen - 1] = blockLen - inSize;
+ inSize = blockLen;
+ } else {
+ if(inSize != (xmlSecSize)blockLen) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "data=%d;block=%d", inSize, blockLen);
+ return(-1);
+ }
+ }
+
+ /* process last block */
+ ret = xmlSecBufferSetMaxSize(out, outSize + 2 * blockLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetMaxSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + 2 * blockLen);
+ return(-1);
+ }
+ outBuf = xmlSecBufferGetData(out) + outSize;
+
+ if(encrypt) {
+ ret = gcry_cipher_encrypt(ctx->cipherCtx, outBuf, inSize + blockLen,
+ xmlSecBufferGetData(in), inSize);
+ if(ret != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "gcry_cipher_encrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "ret=%d", ret);
+ return(-1);
+ }
+ } else {
+ ret = gcry_cipher_decrypt(ctx->cipherCtx, outBuf, inSize + blockLen,
+ xmlSecBufferGetData(in), inSize);
+ if(ret != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "gcry_cipher_decrypt",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "ret=%d", ret);
+ return(-1);
+ }
+ }
+
+ if(encrypt == 0) {
+ /* check padding */
+ if(inSize < outBuf[blockLen - 1]) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "padding=%d;buffer=%d",
+ outBuf[blockLen - 1], inSize);
+ return(-1);
+ }
+ outLen = inSize - outBuf[blockLen - 1];
+ } else {
+ outLen = inSize;
+ }
+
+ /* set correct output buffer size */
+ ret = xmlSecBufferSetSize(out, outSize + outLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + outLen);
+ return(-1);
+ }
+
+ /* remove the processed block from input */
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+
+
+ /* set correct output buffer size */
+ ret = xmlSecBufferSetSize(out, outSize + outLen);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", outSize + outLen);
+ return(-1);
+ }
+
+ /* remove the processed block from input */
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(cipherName),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+
+ return(0);
+}
+
+
+/******************************************************************************
+ *
+ * Block Cipher transforms
*
+ * xmlSecGnuTLSBlockCipherCtx block is located after xmlSecTransform structure
+ *
*****************************************************************************/
-#include <xmlsec/gcrypt/crypto.h>
+#define xmlSecGnuTLSBlockCipherSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecGnuTLSBlockCipherCtx))
+#define xmlSecGnuTLSBlockCipherGetCtx(transform) \
+ ((xmlSecGnuTLSBlockCipherCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+
+static int xmlSecGnuTLSBlockCipherInitialize (xmlSecTransformPtr transform);
+static void xmlSecGnuTLSBlockCipherFinalize (xmlSecTransformPtr transform);
+static int xmlSecGnuTLSBlockCipherSetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecGnuTLSBlockCipherSetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecGnuTLSBlockCipherExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecGnuTLSBlockCipherCheckId (xmlSecTransformPtr transform);
+
+
+
+static int
+xmlSecGnuTLSBlockCipherCheckId(xmlSecTransformPtr transform) {
+#ifndef XMLSEC_NO_DES
+ if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformDes3CbcId)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_AES
+ if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformAes128CbcId) ||
+ xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformAes192CbcId) ||
+ xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformAes256CbcId)) {
+
+ return(1);
+ }
+#endif /* XMLSEC_NO_AES */
+
+ return(0);
+}
+
+static int
+xmlSecGnuTLSBlockCipherInitialize(xmlSecTransformPtr transform) {
+ xmlSecGnuTLSBlockCipherCtxPtr ctx;
+#ifndef XMLSEC_GNUTLS_OLD
+ gpg_err_code_t ret;
+#endif /* XMLSEC_GNUTLS_OLD */
+
+ xmlSecAssert2(xmlSecGnuTLSBlockCipherCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSBlockCipherSize), -1);
+
+ ctx = xmlSecGnuTLSBlockCipherGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ memset(ctx, 0, sizeof(xmlSecGnuTLSBlockCipherCtx));
+
+#ifndef XMLSEC_NO_DES
+ if(transform->id == xmlSecGnuTLSTransformDes3CbcId) {
+ ctx->cipher = GCRY_CIPHER_3DES;
+ ctx->mode = GCRY_CIPHER_MODE_CBC;
+ ctx->keyId = xmlSecGnuTLSKeyDataDesId;
+ } else
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_AES
+ if(transform->id == xmlSecGnuTLSTransformAes128CbcId) {
+ ctx->cipher = GCRY_CIPHER_AES128;
+ ctx->mode = GCRY_CIPHER_MODE_CBC;
+ ctx->keyId = xmlSecGnuTLSKeyDataAesId;
+ } else if(transform->id == xmlSecGnuTLSTransformAes192CbcId) {
+ ctx->cipher = GCRY_CIPHER_AES192;
+ ctx->mode = GCRY_CIPHER_MODE_CBC;
+ ctx->keyId = xmlSecGnuTLSKeyDataAesId;
+ } else if(transform->id == xmlSecGnuTLSTransformAes256CbcId) {
+ ctx->cipher = GCRY_CIPHER_AES256;
+ ctx->mode = GCRY_CIPHER_MODE_CBC;
+ ctx->keyId = xmlSecGnuTLSKeyDataAesId;
+ } else
+#endif /* XMLSEC_NO_AES */
+ if(1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+#ifndef XMLSEC_GNUTLS_OLD
+ ret = gcry_cipher_open(&ctx->cipherCtx, ctx->cipher, ctx->mode, GCRY_CIPHER_SECURE); /* we are paranoid */
+ if(ret != GPG_ERR_NO_ERROR) {
+#else /* XMLSEC_GNUTLS_OLD */
+ ctx->cipherCtx = gcry_cipher_open(ctx->cipher, ctx->mode, GCRY_CIPHER_SECURE); /* we are paranoid */
+ if(ctx->cipherCtx == NULL) {
+#endif /* XMLSEC_GNUTLS_OLD */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "gcry_cipher_open",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
+}
+
+static void
+xmlSecGnuTLSBlockCipherFinalize(xmlSecTransformPtr transform) {
+ xmlSecGnuTLSBlockCipherCtxPtr ctx;
+
+ xmlSecAssert(xmlSecGnuTLSBlockCipherCheckId(transform));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecGnuTLSBlockCipherSize));
+
+ ctx = xmlSecGnuTLSBlockCipherGetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ if(ctx->cipherCtx != NULL) {
+ gcry_cipher_close(ctx->cipherCtx);
+ }
+
+ memset(ctx, 0, sizeof(xmlSecGnuTLSBlockCipherCtx));
+}
+
+static int
+xmlSecGnuTLSBlockCipherSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecGnuTLSBlockCipherCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecGnuTLSBlockCipherCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSBlockCipherSize), -1);
+ xmlSecAssert2(keyReq != NULL, -1);
+
+ ctx = xmlSecGnuTLSBlockCipherGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->cipher != 0, -1);
+ xmlSecAssert2(ctx->keyId != NULL, -1);
+
+ keyReq->keyId = ctx->keyId;
+ keyReq->keyType = xmlSecKeyDataTypeSymmetric;
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ keyReq->keyUsage = xmlSecKeyUsageEncrypt;
+ } else {
+ keyReq->keyUsage = xmlSecKeyUsageDecrypt;
+ }
+
+ keyReq->keyBitsSize = 8 * gcry_cipher_get_algo_keylen(ctx->cipher);
+ return(0);
+}
+
+static int
+xmlSecGnuTLSBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecGnuTLSBlockCipherCtxPtr ctx;
+ xmlSecBufferPtr buffer;
+ xmlSecSize keySize;
+ int ret;
+
+ xmlSecAssert2(xmlSecGnuTLSBlockCipherCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSBlockCipherSize), -1);
+ xmlSecAssert2(key != NULL, -1);
+
+ ctx = xmlSecGnuTLSBlockCipherGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->cipherCtx != NULL, -1);
+ xmlSecAssert2(ctx->cipher != 0, -1);
+ xmlSecAssert2(ctx->keyInitialized == 0, -1);
+ xmlSecAssert2(ctx->keyId != NULL, -1);
+ xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1);
+
+ keySize = gcry_cipher_get_algo_keylen(ctx->cipher);
+ xmlSecAssert2(keySize > 0, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
+ xmlSecAssert2(buffer != NULL, -1);
+
+ if(xmlSecBufferGetSize(buffer) < keySize) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+ "keySize=%d;expected=%d",
+ xmlSecBufferGetSize(buffer), keySize);
+ return(-1);
+ }
+
+ xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1);
+ ret = gcry_cipher_setkey(ctx->cipherCtx, xmlSecBufferGetData(buffer), keySize);
+ if(ret != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "gcry_cipher_setkey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "ret=%d", ret);
+ return(-1);
+ }
+
+ ctx->keyInitialized = 1;
+ return(0);
+}
+
+static int
+xmlSecGnuTLSBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecGnuTLSBlockCipherCtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ int ret;
+
+ xmlSecAssert2(xmlSecGnuTLSBlockCipherCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSBlockCipherSize), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+
+ ctx = xmlSecGnuTLSBlockCipherGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if(transform->status == xmlSecTransformStatusWorking) {
+ if(ctx->ctxInitialized == 0) {
+ ret = xmlSecGnuTLSBlockCipherCtxInit(ctx, in, out,
+ (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
+ xmlSecTransformGetName(transform), transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecGnuTLSBlockCipherCtxInit",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+ if((ctx->ctxInitialized == 0) && (last != 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "not enough data to initialize transform");
+ return(-1);
+ }
+ if(ctx->ctxInitialized != 0) {
+ ret = xmlSecGnuTLSBlockCipherCtxUpdate(ctx, in, out,
+ (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
+ xmlSecTransformGetName(transform), transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecGnuTLSBlockCipherCtxUpdate",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ if(last) {
+ ret = xmlSecGnuTLSBlockCipherCtxFinal(ctx, in, out,
+ (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0,
+ xmlSecTransformGetName(transform), transformCtx);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecGnuTLSBlockCipherCtxFinal",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ transform->status = xmlSecTransformStatusFinished;
+ }
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
+ } else if(transform->status == xmlSecTransformStatusNone) {
+ /* the only way we can get here is if there is no enough data in the input */
+ xmlSecAssert2(last == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+
+ return(0);
+}
#ifndef XMLSEC_NO_AES
+/*********************************************************************
+ *
+ * AES CBC cipher transforms
+ *
+ ********************************************************************/
+static xmlSecTransformKlass xmlSecGnuTLSAes128CbcKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGnuTLSBlockCipherSize, /* xmlSecSize objSize */
+
+ xmlSecNameAes128Cbc, /* const xmlChar* name; */
+ xmlSecHrefAes128Cbc, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecGnuTLSBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGnuTLSBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGnuTLSBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecGnuTLSBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGnuTLSBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
/**
* xmlSecGnuTLSTransformAes128CbcGetKlass:
- *
+ *
* AES 128 CBC encryption transform klass.
- *
+ *
* Returns: pointer to AES 128 CBC encryption transform.
- */
-xmlSecTransformId
+ */
+xmlSecTransformId
xmlSecGnuTLSTransformAes128CbcGetKlass(void) {
- return (xmlSecGCryptTransformAes128CbcGetKlass());
+ return(&xmlSecGnuTLSAes128CbcKlass);
}
+static xmlSecTransformKlass xmlSecGnuTLSAes192CbcKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGnuTLSBlockCipherSize, /* xmlSecSize objSize */
+
+ xmlSecNameAes192Cbc, /* const xmlChar* name; */
+ xmlSecHrefAes192Cbc, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecGnuTLSBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGnuTLSBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGnuTLSBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecGnuTLSBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGnuTLSBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
/**
* xmlSecGnuTLSTransformAes192CbcGetKlass:
- *
+ *
* AES 192 CBC encryption transform klass.
- *
+ *
* Returns: pointer to AES 192 CBC encryption transform.
- */
-xmlSecTransformId
+ */
+xmlSecTransformId
xmlSecGnuTLSTransformAes192CbcGetKlass(void) {
- return (xmlSecGCryptTransformAes192CbcGetKlass());
+ return(&xmlSecGnuTLSAes192CbcKlass);
}
+static xmlSecTransformKlass xmlSecGnuTLSAes256CbcKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGnuTLSBlockCipherSize, /* xmlSecSize objSize */
+
+ xmlSecNameAes256Cbc, /* const xmlChar* name; */
+ xmlSecHrefAes256Cbc, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecGnuTLSBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGnuTLSBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGnuTLSBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecGnuTLSBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGnuTLSBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
/**
* xmlSecGnuTLSTransformAes256CbcGetKlass:
- *
+ *
* AES 256 CBC encryption transform klass.
- *
+ *
* Returns: pointer to AES 256 CBC encryption transform.
- */
-xmlSecTransformId
+ */
+xmlSecTransformId
xmlSecGnuTLSTransformAes256CbcGetKlass(void) {
- return (xmlSecGCryptTransformAes256CbcGetKlass());
+ return(&xmlSecGnuTLSAes256CbcKlass);
}
+
#endif /* XMLSEC_NO_AES */
#ifndef XMLSEC_NO_DES
-/**
+static xmlSecTransformKlass xmlSecGnuTLSDes3CbcKlass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGnuTLSBlockCipherSize, /* xmlSecSize objSize */
+
+ xmlSecNameDes3Cbc, /* const xmlChar* name; */
+ xmlSecHrefDes3Cbc, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecGnuTLSBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGnuTLSBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGnuTLSBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecGnuTLSBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGnuTLSBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
* xmlSecGnuTLSTransformDes3CbcGetKlass:
*
* Triple DES CBC encryption transform klass.
- *
+ *
* Returns: pointer to Triple DES encryption transform.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecGnuTLSTransformDes3CbcGetKlass(void) {
- return (xmlSecGCryptTransformDes3CbcGetKlass());
+ return(&xmlSecGnuTLSDes3CbcKlass);
}
#endif /* XMLSEC_NO_DES */
diff --git a/src/gnutls/crypto.c b/src/gnutls/crypto.c
index 83175e69..dbf69f21 100644
--- a/src/gnutls/crypto.c
+++ b/src/gnutls/crypto.c
@@ -1,15 +1,16 @@
-/**
+/**
* XMLSec library
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
#include <string.h>
+#include <gnutls/gnutls.h>
#include <gcrypt.h>
#include <xmlsec/xmlsec.h>
@@ -21,7 +22,6 @@
#include <xmlsec/gnutls/app.h>
#include <xmlsec/gnutls/crypto.h>
-#include <xmlsec/gnutls/x509.h>
static xmlSecCryptoDLFunctionsPtr gXmlSecGnuTLSFunctions = NULL;
@@ -35,197 +35,79 @@ static xmlSecCryptoDLFunctionsPtr gXmlSecGnuTLSFunctions = NULL;
xmlSecCryptoDLFunctionsPtr
xmlSecCryptoGetFunctions_gnutls(void) {
static xmlSecCryptoDLFunctions functions;
-
+
if(gXmlSecGnuTLSFunctions != NULL) {
- return(gXmlSecGnuTLSFunctions);
+ return(gXmlSecGnuTLSFunctions);
}
memset(&functions, 0, sizeof(functions));
gXmlSecGnuTLSFunctions = &functions;
- /********************************************************************
- *
+ /**
* Crypto Init/shutdown
- *
- ********************************************************************/
- gXmlSecGnuTLSFunctions->cryptoInit = xmlSecGnuTLSInit;
- gXmlSecGnuTLSFunctions->cryptoShutdown = xmlSecGnuTLSShutdown;
- gXmlSecGnuTLSFunctions->cryptoKeysMngrInit = xmlSecGnuTLSKeysMngrInit;
+ */
+ gXmlSecGnuTLSFunctions->cryptoInit = xmlSecGnuTLSInit;
+ gXmlSecGnuTLSFunctions->cryptoShutdown = xmlSecGnuTLSShutdown;
+ gXmlSecGnuTLSFunctions->cryptoKeysMngrInit = xmlSecGnuTLSKeysMngrInit;
- /********************************************************************
- *
+ /**
* Key data ids
- *
- ********************************************************************/
-#ifndef XMLSEC_NO_AES
- gXmlSecGnuTLSFunctions->keyDataAesGetKlass = xmlSecGnuTLSKeyDataAesGetKlass;
+ */
+#ifndef XMLSEC_NO_AES
+ gXmlSecGnuTLSFunctions->keyDataAesGetKlass = xmlSecGnuTLSKeyDataAesGetKlass;
#endif /* XMLSEC_NO_AES */
-#ifndef XMLSEC_NO_DES
- gXmlSecGnuTLSFunctions->keyDataDesGetKlass = xmlSecGnuTLSKeyDataDesGetKlass;
+#ifndef XMLSEC_NO_DES
+ gXmlSecGnuTLSFunctions->keyDataDesGetKlass = xmlSecGnuTLSKeyDataDesGetKlass;
#endif /* XMLSEC_NO_DES */
-#ifndef XMLSEC_NO_DSA
- gXmlSecGnuTLSFunctions->keyDataDsaGetKlass = xmlSecGnuTLSKeyDataDsaGetKlass;
-#endif /* XMLSEC_NO_DSA */
-
-#ifndef XMLSEC_NO_HMAC
- gXmlSecGnuTLSFunctions->keyDataHmacGetKlass = xmlSecGnuTLSKeyDataHmacGetKlass;
-#endif /* XMLSEC_NO_HMAC */
-
-#ifndef XMLSEC_NO_RSA
- gXmlSecGnuTLSFunctions->keyDataRsaGetKlass = xmlSecGnuTLSKeyDataRsaGetKlass;
-#endif /* XMLSEC_NO_RSA */
+#ifndef XMLSEC_NO_HMAC
+ gXmlSecGnuTLSFunctions->keyDataHmacGetKlass = xmlSecGnuTLSKeyDataHmacGetKlass;
+#endif /* XMLSEC_NO_HMAC */
-#ifndef XMLSEC_NO_X509
- gXmlSecGnuTLSFunctions->keyDataX509GetKlass = xmlSecGnuTLSKeyDataX509GetKlass;
- gXmlSecGnuTLSFunctions->keyDataRawX509CertGetKlass = xmlSecGnuTLSKeyDataRawX509CertGetKlass;
-#endif /* XMLSEC_NO_X509 */
-
- /********************************************************************
- *
+ /**
* Key data store ids
- *
- ********************************************************************/
-#ifndef XMLSEC_NO_X509
- gXmlSecGnuTLSFunctions->x509StoreGetKlass = xmlSecGnuTLSX509StoreGetKlass;
-#endif /* XMLSEC_NO_X509 */
+ */
- /********************************************************************
- *
+ /**
* Crypto transforms ids
- *
- ********************************************************************/
-
- /******************************* AES ********************************/
-#ifndef XMLSEC_NO_AES
- gXmlSecGnuTLSFunctions->transformAes128CbcGetKlass = xmlSecGnuTLSTransformAes128CbcGetKlass;
- gXmlSecGnuTLSFunctions->transformAes192CbcGetKlass = xmlSecGnuTLSTransformAes192CbcGetKlass;
- gXmlSecGnuTLSFunctions->transformAes256CbcGetKlass = xmlSecGnuTLSTransformAes256CbcGetKlass;
- gXmlSecGnuTLSFunctions->transformKWAes128GetKlass = xmlSecGnuTLSTransformKWAes128GetKlass;
- gXmlSecGnuTLSFunctions->transformKWAes192GetKlass = xmlSecGnuTLSTransformKWAes192GetKlass;
- gXmlSecGnuTLSFunctions->transformKWAes256GetKlass = xmlSecGnuTLSTransformKWAes256GetKlass;
+ */
+#ifndef XMLSEC_NO_AES
+ gXmlSecGnuTLSFunctions->transformAes128CbcGetKlass = xmlSecGnuTLSTransformAes128CbcGetKlass;
+ gXmlSecGnuTLSFunctions->transformAes192CbcGetKlass = xmlSecGnuTLSTransformAes192CbcGetKlass;
+ gXmlSecGnuTLSFunctions->transformAes256CbcGetKlass = xmlSecGnuTLSTransformAes256CbcGetKlass;
#endif /* XMLSEC_NO_AES */
- /******************************* DES ********************************/
-#ifndef XMLSEC_NO_DES
- gXmlSecGnuTLSFunctions->transformDes3CbcGetKlass = xmlSecGnuTLSTransformDes3CbcGetKlass;
- gXmlSecGnuTLSFunctions->transformKWDes3GetKlass = xmlSecGnuTLSTransformKWDes3GetKlass;
+#ifndef XMLSEC_NO_DES
+ gXmlSecGnuTLSFunctions->transformDes3CbcGetKlass = xmlSecGnuTLSTransformDes3CbcGetKlass;
#endif /* XMLSEC_NO_DES */
- /******************************* DSA ********************************/
-#ifndef XMLSEC_NO_DSA
-
-#ifndef XMLSEC_NO_SHA1
- gXmlSecGnuTLSFunctions->transformDsaSha1GetKlass = xmlSecGnuTLSTransformDsaSha1GetKlass;
-#endif /* XMLSEC_NO_SHA1 */
-
-#endif /* XMLSEC_NO_DSA */
-
- /******************************* HMAC ********************************/
#ifndef XMLSEC_NO_HMAC
-
-#ifndef XMLSEC_NO_MD5
- gXmlSecGnuTLSFunctions->transformHmacMd5GetKlass = xmlSecGnuTLSTransformHmacMd5GetKlass;
-#endif /* XMLSEC_NO_MD5 */
-
-#ifndef XMLSEC_NO_RIPEMD160
- gXmlSecGnuTLSFunctions->transformHmacRipemd160GetKlass = xmlSecGnuTLSTransformHmacRipemd160GetKlass;
-#endif /* XMLSEC_NO_RIPEMD160 */
-
-#ifndef XMLSEC_NO_SHA1
- gXmlSecGnuTLSFunctions->transformHmacSha1GetKlass = xmlSecGnuTLSTransformHmacSha1GetKlass;
-#endif /* XMLSEC_NO_SHA1 */
-
-#ifndef XMLSEC_NO_SHA256
- gXmlSecGnuTLSFunctions->transformHmacSha256GetKlass = xmlSecGnuTLSTransformHmacSha256GetKlass;
-#endif /* XMLSEC_NO_SHA256 */
-
-#ifndef XMLSEC_NO_SHA384
- gXmlSecGnuTLSFunctions->transformHmacSha384GetKlass = xmlSecGnuTLSTransformHmacSha384GetKlass;
-#endif /* XMLSEC_NO_SHA384 */
-
-#ifndef XMLSEC_NO_SHA512
- gXmlSecGnuTLSFunctions->transformHmacSha512GetKlass = xmlSecGnuTLSTransformHmacSha512GetKlass;
-#endif /* XMLSEC_NO_SHA512 */
-
+ gXmlSecGnuTLSFunctions->transformHmacSha1GetKlass = xmlSecGnuTLSTransformHmacSha1GetKlass;
+ gXmlSecGnuTLSFunctions->transformHmacRipemd160GetKlass = xmlSecGnuTLSTransformHmacRipemd160GetKlass;
+ gXmlSecGnuTLSFunctions->transformHmacMd5GetKlass = xmlSecGnuTLSTransformHmacMd5GetKlass;
#endif /* XMLSEC_NO_HMAC */
- /******************************* MD5 ********************************/
-#ifndef XMLSEC_NO_MD5
- gXmlSecGnuTLSFunctions->transformMd5GetKlass = xmlSecGnuTLSTransformMd5GetKlass;
-#endif /* XMLSEC_NO_MD5 */
-
- /******************************* RIPEMD160 ********************************/
-#ifndef XMLSEC_NO_RIPEMD160
- gXmlSecGnuTLSFunctions->transformRipemd160GetKlass = xmlSecGnuTLSTransformRipemd160GetKlass;
-#endif /* XMLSEC_NO_RIPEMD160 */
-
- /******************************* RSA ********************************/
-#ifndef XMLSEC_NO_RSA
-
-#ifndef XMLSEC_NO_MD5
- gXmlSecGnuTLSFunctions->transformRsaMd5GetKlass = xmlSecGnuTLSTransformRsaMd5GetKlass;
-#endif /* XMLSEC_NO_MD5 */
-
-#ifndef XMLSEC_NO_RIPEMD160
- gXmlSecGnuTLSFunctions->transformRsaRipemd160GetKlass = xmlSecGnuTLSTransformRsaRipemd160GetKlass;
-#endif /* XMLSEC_NO_RIPEMD160 */
-
-#ifndef XMLSEC_NO_SHA1
- gXmlSecGnuTLSFunctions->transformRsaSha1GetKlass = xmlSecGnuTLSTransformRsaSha1GetKlass;
-#endif /* XMLSEC_NO_SHA1 */
-
-#ifndef XMLSEC_NO_SHA256
- gXmlSecGnuTLSFunctions->transformRsaSha256GetKlass = xmlSecGnuTLSTransformRsaSha256GetKlass;
-#endif /* XMLSEC_NO_SHA256 */
-
-#ifndef XMLSEC_NO_SHA384
- gXmlSecGnuTLSFunctions->transformRsaSha384GetKlass = xmlSecGnuTLSTransformRsaSha384GetKlass;
-#endif /* XMLSEC_NO_SHA384 */
-
-#ifndef XMLSEC_NO_SHA512
- gXmlSecGnuTLSFunctions->transformRsaSha512GetKlass = xmlSecGnuTLSTransformRsaSha512GetKlass;
-#endif /* XMLSEC_NO_SHA512 */
-
-#endif /* XMLSEC_NO_RSA */
-
- /******************************* SHA ********************************/
-#ifndef XMLSEC_NO_SHA1
- gXmlSecGnuTLSFunctions->transformSha1GetKlass = xmlSecGnuTLSTransformSha1GetKlass;
+#ifndef XMLSEC_NO_SHA1
+ gXmlSecGnuTLSFunctions->transformSha1GetKlass = xmlSecGnuTLSTransformSha1GetKlass;
#endif /* XMLSEC_NO_SHA1 */
-#ifndef XMLSEC_NO_SHA256
- gXmlSecGnuTLSFunctions->transformSha256GetKlass = xmlSecGnuTLSTransformSha256GetKlass;
-#endif /* XMLSEC_NO_SHA256 */
-
-#ifndef XMLSEC_NO_SHA384
- gXmlSecGnuTLSFunctions->transformSha384GetKlass = xmlSecGnuTLSTransformSha384GetKlass;
-#endif /* XMLSEC_NO_SHA384 */
-
-#ifndef XMLSEC_NO_SHA512
- gXmlSecGnuTLSFunctions->transformSha512GetKlass = xmlSecGnuTLSTransformSha512GetKlass;
-#endif /* XMLSEC_NO_SHA512 */
-
-
- /********************************************************************
- *
+ /**
* High level routines form xmlsec command line utility
- *
- ********************************************************************/
- gXmlSecGnuTLSFunctions->cryptoAppInit = xmlSecGnuTLSAppInit;
- gXmlSecGnuTLSFunctions->cryptoAppShutdown = xmlSecGnuTLSAppShutdown;
- gXmlSecGnuTLSFunctions->cryptoAppDefaultKeysMngrInit = xmlSecGnuTLSAppDefaultKeysMngrInit;
- gXmlSecGnuTLSFunctions->cryptoAppDefaultKeysMngrAdoptKey = xmlSecGnuTLSAppDefaultKeysMngrAdoptKey;
- gXmlSecGnuTLSFunctions->cryptoAppDefaultKeysMngrLoad = xmlSecGnuTLSAppDefaultKeysMngrLoad;
- gXmlSecGnuTLSFunctions->cryptoAppDefaultKeysMngrSave = xmlSecGnuTLSAppDefaultKeysMngrSave;
+ */
+ gXmlSecGnuTLSFunctions->cryptoAppInit = xmlSecGnuTLSAppInit;
+ gXmlSecGnuTLSFunctions->cryptoAppShutdown = xmlSecGnuTLSAppShutdown;
+ gXmlSecGnuTLSFunctions->cryptoAppDefaultKeysMngrInit = xmlSecGnuTLSAppDefaultKeysMngrInit;
+ gXmlSecGnuTLSFunctions->cryptoAppDefaultKeysMngrAdoptKey = xmlSecGnuTLSAppDefaultKeysMngrAdoptKey;
+ gXmlSecGnuTLSFunctions->cryptoAppDefaultKeysMngrLoad = xmlSecGnuTLSAppDefaultKeysMngrLoad;
+ gXmlSecGnuTLSFunctions->cryptoAppDefaultKeysMngrSave = xmlSecGnuTLSAppDefaultKeysMngrSave;
#ifndef XMLSEC_NO_X509
- gXmlSecGnuTLSFunctions->cryptoAppKeysMngrCertLoad = xmlSecGnuTLSAppKeysMngrCertLoad;
- gXmlSecGnuTLSFunctions->cryptoAppPkcs12Load = xmlSecGnuTLSAppPkcs12Load;
- gXmlSecGnuTLSFunctions->cryptoAppKeyCertLoad = xmlSecGnuTLSAppKeyCertLoad;
+ gXmlSecGnuTLSFunctions->cryptoAppKeysMngrCertLoad = xmlSecGnuTLSAppKeysMngrCertLoad;
+ gXmlSecGnuTLSFunctions->cryptoAppPkcs12Load = xmlSecGnuTLSAppPkcs12Load;
+ gXmlSecGnuTLSFunctions->cryptoAppKeyCertLoad = xmlSecGnuTLSAppKeyCertLoad;
#endif /* XMLSEC_NO_X509 */
- gXmlSecGnuTLSFunctions->cryptoAppKeyLoad = xmlSecGnuTLSAppKeyLoad;
- gXmlSecGnuTLSFunctions->cryptoAppDefaultPwdCallback = (void*)xmlSecGnuTLSAppGetDefaultPwdCallback();
+ gXmlSecGnuTLSFunctions->cryptoAppKeyLoad = xmlSecGnuTLSAppKeyLoad;
+ gXmlSecGnuTLSFunctions->cryptoAppDefaultPwdCallback = (void*)xmlSecGnuTLSAppGetDefaultPwdCallback();
return(gXmlSecGnuTLSFunctions);
}
@@ -233,51 +115,51 @@ xmlSecCryptoGetFunctions_gnutls(void) {
/**
* xmlSecGnuTLSInit:
- *
- * XMLSec library specific crypto engine initialization.
+ *
+ * XMLSec library specific crypto engine initialization.
*
* Returns: 0 on success or a negative value otherwise.
*/
-int
+int
xmlSecGnuTLSInit (void) {
/* Check loaded xmlsec library version */
if(xmlSecCheckVersionExact() != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecCheckVersionExact",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCheckVersionExact",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
/* register our klasses */
if(xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms(xmlSecCryptoGetFunctions_gnutls()) < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
}
-
+
return(0);
}
/**
* xmlSecGnuTLSShutdown:
- *
- * XMLSec library specific crypto engine shutdown.
+ *
+ * XMLSec library specific crypto engine shutdown.
*
* Returns: 0 on success or a negative value otherwise.
*/
-int
+int
xmlSecGnuTLSShutdown(void) {
return(0);
}
/**
* xmlSecGnuTLSKeysMngrInit:
- * @mngr: the pointer to keys manager.
+ * @mngr: the pointer to keys manager.
*
* Adds GnuTLS specific key data stores in keys manager.
*
@@ -285,66 +167,38 @@ xmlSecGnuTLSShutdown(void) {
*/
int
xmlSecGnuTLSKeysMngrInit(xmlSecKeysMngrPtr mngr) {
- int ret;
-
xmlSecAssert2(mngr != NULL, -1);
-#ifndef XMLSEC_NO_X509
- /* create x509 store if needed */
- if(xmlSecKeysMngrGetDataStore(mngr, xmlSecGnuTLSX509StoreId) == NULL) {
- xmlSecKeyDataStorePtr x509Store;
-
- x509Store = xmlSecKeyDataStoreCreate(xmlSecGnuTLSX509StoreId);
- if(x509Store == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyDataStoreCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "xmlSecGnuTLSX509StoreId");
- return(-1);
- }
-
- ret = xmlSecKeysMngrAdoptDataStore(mngr, x509Store);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeysMngrAdoptDataStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDataStoreDestroy(x509Store);
- return(-1);
- }
- }
-#endif /* XMLSEC_NO_X509 */
+ /* TODO: add key data stores */
return(0);
}
/**
* xmlSecGnuTLSGenerateRandom:
- * @buffer: the destination buffer.
- * @size: the numer of bytes to generate.
+ * @buffer: the destination buffer.
+ * @size: the numer of bytes to generate.
*
* Generates @size random bytes and puts result in @buffer.
*
* Returns: 0 on success or a negative value otherwise.
*/
int
-xmlSecGnuTLSGenerateRandom(xmlSecBufferPtr buffer, xmlSecSize size) {
+xmlSecGnuTLSGenerateRandom(xmlSecBufferPtr buffer, xmlSecSize size) {
int ret;
-
+
xmlSecAssert2(buffer != NULL, -1);
xmlSecAssert2(size > 0, -1);
ret = xmlSecBufferSetSize(buffer, size);
if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBufferSetSize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "size=%d", size);
- return(-1);
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", size);
+ return(-1);
}
-
+
/* get random data */
gcry_randomize(xmlSecBufferGetData(buffer), size, GCRY_STRONG_RANDOM);
return(0);
diff --git a/src/gnutls/digests.c b/src/gnutls/digests.c
index 2df20706..fb8109de 100644
--- a/src/gnutls/digests.c
+++ b/src/gnutls/digests.c
@@ -1,15 +1,18 @@
-/**
+/**
* XMLSec library
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
#include <string.h>
+#include <gnutls/gnutls.h>
+#include <gcrypt.h>
+
#include <xmlsec/xmlsec.h>
#include <xmlsec/keys.h>
#include <xmlsec/transforms.h>
@@ -18,95 +21,298 @@
#include <xmlsec/gnutls/app.h>
#include <xmlsec/gnutls/crypto.h>
+#define XMLSEC_GNUTLS_MAX_DIGEST_SIZE 32
+
/**************************************************************************
*
- * We use xmlsec-gcrypt for all the basic crypto ops
+ * Internal GNUTLS Digest CTX
*
*****************************************************************************/
-#include <xmlsec/gcrypt/crypto.h>
+typedef struct _xmlSecGnuTLSDigestCtx xmlSecGnuTLSDigestCtx, *xmlSecGnuTLSDigestCtxPtr;
+struct _xmlSecGnuTLSDigestCtx {
+ int digest;
+ GcryMDHd digestCtx;
+ xmlSecByte dgst[XMLSEC_GNUTLS_MAX_DIGEST_SIZE];
+ xmlSecSize dgstSize; /* dgst size in bytes */
+};
-#ifndef XMLSEC_NO_SHA1
-/**
- * xmlSecGnuTLSTransformSha1GetKlass:
+/******************************************************************************
*
- * SHA-1 digest transform klass.
+ * Digest transforms
*
- * Returns: pointer to SHA-1 digest transform klass.
- */
-xmlSecTransformId
-xmlSecGnuTLSTransformSha1GetKlass(void) {
- return (xmlSecGCryptTransformSha1GetKlass());
+ * xmlSecGnuTLSDigestCtx is located after xmlSecTransform
+ *
+ *****************************************************************************/
+#define xmlSecGnuTLSDigestSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecGnuTLSDigestCtx))
+#define xmlSecGnuTLSDigestGetCtx(transform) \
+ ((xmlSecGnuTLSDigestCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+
+static int xmlSecGnuTLSDigestInitialize (xmlSecTransformPtr transform);
+static void xmlSecGnuTLSDigestFinalize (xmlSecTransformPtr transform);
+static int xmlSecGnuTLSDigestVerify (xmlSecTransformPtr transform,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecGnuTLSDigestExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecGnuTLSDigestCheckId (xmlSecTransformPtr transform);
+
+static int
+xmlSecGnuTLSDigestCheckId(xmlSecTransformPtr transform) {
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformSha1Id)) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_SHA1 */
+
+ return(0);
}
-#endif /* XMLSEC_NO_SHA1 */
+static int
+xmlSecGnuTLSDigestInitialize(xmlSecTransformPtr transform) {
+ xmlSecGnuTLSDigestCtxPtr ctx;
+#ifndef XMLSEC_GNUTLS_OLD
+ gpg_err_code_t ret;
+#endif /* XMLSEC_GNUTLS_OLD */
-#ifndef XMLSEC_NO_SHA256
-/**
- * xmlSecGnuTLSTransformSha256GetKlass:
- *
- * SHA256 digest transform klass.
- *
- * Returns: pointer to SHA256 digest transform klass.
- */
-xmlSecTransformId
-xmlSecGnuTLSTransformSha256GetKlass(void) {
- return (xmlSecGCryptTransformSha256GetKlass());
+ xmlSecAssert2(xmlSecGnuTLSDigestCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSDigestSize), -1);
+
+ ctx = xmlSecGnuTLSDigestGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ /* initialize context */
+ memset(ctx, 0, sizeof(xmlSecGnuTLSDigestCtx));
+
+#ifndef XMLSEC_NO_SHA1
+ if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformSha1Id)) {
+ ctx->digest = GCRY_MD_SHA1;
+ } else
+#endif /* XMLSEC_NO_SHA1 */
+
+ if(1) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+#ifndef XMLSEC_GNUTLS_OLD
+ ret = gcry_md_open(&ctx->digestCtx, ctx->digest, GCRY_MD_FLAG_SECURE); /* we are paranoid */
+ if(ret != GPG_ERR_NO_ERROR) {
+#else /* XMLSEC_GNUTLS_OLD */
+ ctx->digestCtx = gcry_md_open(ctx->digest, GCRY_MD_FLAG_SECURE); /* we are paranoid */
+ if(ctx->digestCtx == NULL) {
+#endif /* XMLSEC_GNUTLS_OLD */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "gcry_md_open",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ return(0);
}
-#endif /* XMLSEC_NO_SHA256 */
-#ifndef XMLSEC_NO_SHA384
-/**
- * xmlSecGnuTLSTransformSha384GetKlass:
- *
- * SHA384 digest transform klass.
- *
- * Returns: pointer to SHA384 digest transform klass.
- */
-xmlSecTransformId
-xmlSecGnuTLSTransformSha384GetKlass(void) {
- return (xmlSecGCryptTransformSha384GetKlass());
+static void
+xmlSecGnuTLSDigestFinalize(xmlSecTransformPtr transform) {
+ xmlSecGnuTLSDigestCtxPtr ctx;
+
+ xmlSecAssert(xmlSecGnuTLSDigestCheckId(transform));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecGnuTLSDigestSize));
+
+ ctx = xmlSecGnuTLSDigestGetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ if(ctx->digestCtx != NULL) {
+ gcry_md_close(ctx->digestCtx);
+ }
+ memset(ctx, 0, sizeof(xmlSecGnuTLSDigestCtx));
}
-#endif /* XMLSEC_NO_SHA384 */
-#ifndef XMLSEC_NO_SHA512
-/**
- * xmlSecGnuTLSTransformSha512GetKlass:
- *
- * SHA512 digest transform klass.
- *
- * Returns: pointer to SHA512 digest transform klass.
- */
-xmlSecTransformId
-xmlSecGnuTLSTransformSha512GetKlass(void) {
- return (xmlSecGCryptTransformSha512GetKlass());
+static int
+xmlSecGnuTLSDigestVerify(xmlSecTransformPtr transform,
+ const xmlSecByte* data, xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx) {
+ xmlSecGnuTLSDigestCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecGnuTLSDigestCheckId(transform), -1);
+ xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSDigestSize), -1);
+ xmlSecAssert2(transform->status == xmlSecTransformStatusFinished, -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecGnuTLSDigestGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->dgstSize > 0, -1);
+
+ if(dataSize != ctx->dgstSize) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "data and digest sizes are different (data=%d, dgst=%d)",
+ dataSize, ctx->dgstSize);
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
+ }
+
+ if(memcmp(ctx->dgst, data, dataSize) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "data and digest do not match");
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
+ }
+
+ transform->status = xmlSecTransformStatusOk;
+ return(0);
}
-#endif /* XMLSEC_NO_SHA512 */
-#ifndef XMLSEC_NO_MD5
+static int
+xmlSecGnuTLSDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecGnuTLSDigestCtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ int ret;
+
+ xmlSecAssert2(xmlSecGnuTLSDigestCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSDigestSize), -1);
+
+ ctx = xmlSecGnuTLSDigestGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->digest != GCRY_MD_NONE, -1);
+ xmlSecAssert2(ctx->digestCtx != NULL, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if(transform->status == xmlSecTransformStatusWorking) {
+ xmlSecSize inSize;
+
+ inSize = xmlSecBufferGetSize(in);
+ if(inSize > 0) {
+ gcry_md_write(ctx->digestCtx, xmlSecBufferGetData(in), inSize);
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+ }
+ if(last) {
+ xmlSecByte* buf;
+
+ /* get the final digest */
+ gcry_md_final(ctx->digestCtx);
+ buf = gcry_md_read(ctx->digestCtx, ctx->digest);
+ if(buf == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "gcry_md_read",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* copy it to our internal buffer */
+ ctx->dgstSize = gcry_md_get_algo_dlen(ctx->digest);
+ xmlSecAssert2(ctx->dgstSize > 0, -1);
+ xmlSecAssert2(ctx->dgstSize <= sizeof(ctx->dgst), -1);
+ memcpy(ctx->dgst, buf, ctx->dgstSize);
+
+ /* and to the output if needed */
+ if(transform->operation == xmlSecTransformOperationSign) {
+ ret = xmlSecBufferAppend(out, ctx->dgst, ctx->dgstSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", ctx->dgstSize);
+ return(-1);
+ }
+ }
+ transform->status = xmlSecTransformStatusFinished;
+ }
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "status=%d", transform->status);
+ return(-1);
+ }
+
+ return(0);
+}
-/**
- * xmlSecGnuTLSTransformMd5GetKlass:
+#ifndef XMLSEC_NO_SHA1
+/******************************************************************************
*
- * MD5 digest transform klass.
+ * SHA1 Digest transforms
*
- * Returns: pointer to MD5 digest transform klass.
- */
-xmlSecTransformId
-xmlSecGnuTLSTransformMd5GetKlass(void) {
- return (xmlSecGCryptTransformMd5GetKlass());
-}
-#endif /* XMLSEC_NO_MD5 */
+ *****************************************************************************/
+static xmlSecTransformKlass xmlSecGnuTLSSha1Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGnuTLSDigestSize, /* xmlSecSize objSize */
+
+ /* data */
+ xmlSecNameSha1, /* const xmlChar* name; */
+ xmlSecHrefSha1, /* const xmlChar* href; */
+ xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */
+
+ /* methods */
+ xmlSecGnuTLSDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGnuTLSDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ NULL, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGnuTLSDigestVerify, /* xmlSecTransformVerifyMethod verify; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGnuTLSDigestExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
-#ifndef XMLSEC_NO_RIPEMD160
-/**
- * xmlSecGnuTLSTransformRipemd160GetKlass:
+/**
+ * xmlSecGnuTLSTransformSha1GetKlass:
*
- * RIPEMD160 digest transform klass.
+ * SHA-1 digest transform klass.
*
- * Returns: pointer to RIPEMD160 digest transform klass.
+ * Returns: pointer to SHA-1 digest transform klass.
*/
-xmlSecTransformId
-xmlSecGnuTLSTransformRipemd160GetKlass(void) {
- return (xmlSecGCryptTransformRipemd160GetKlass());
+xmlSecTransformId
+xmlSecGnuTLSTransformSha1GetKlass(void) {
+ return(&xmlSecGnuTLSSha1Klass);
}
-#endif /* XMLSEC_NO_RIPEMD160 */
+#endif /* XMLSEC_NO_SHA1 */
+
+
diff --git a/src/gnutls/globals.h b/src/gnutls/globals.h
index b49e2404..272a27b8 100644
--- a/src/gnutls/globals.h
+++ b/src/gnutls/globals.h
@@ -5,14 +5,14 @@
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#ifndef __XMLSEC_GLOBALS_H__
#define __XMLSEC_GLOBALS_H__
/**
- * Use autoconf defines if present.
+ * Use autoconf defines if present.
*/
#ifdef HAVE_CONFIG_H
#include "config.h"
@@ -21,11 +21,4 @@
#define IN_XMLSEC_CRYPTO
#define XMLSEC_PRIVATE
-#define XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(err) \
- "error code=%d; error message='%s'", \
- (int)err, xmlSecErrorsSafeString(gcry_strerror((err)))
-#define XMLSEC_GNUTLS_REPORT_ERROR(err) \
- "error code=%d; error message='%s'", \
- (int)err, xmlSecErrorsSafeString(gnutls_strerror((err)))
-
#endif /* ! __XMLSEC_GLOBALS_H__ */
diff --git a/src/gnutls/hmac.c b/src/gnutls/hmac.c
index 5d1acfc2..bc106471 100644
--- a/src/gnutls/hmac.c
+++ b/src/gnutls/hmac.c
@@ -1,9 +1,9 @@
-/**
+/**
* XMLSec library
*
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#ifndef XMLSEC_NO_HMAC
@@ -11,6 +11,9 @@
#include <string.h>
+#include <gnutls/gnutls.h>
+#include <gcrypt.h>
+
#include <xmlsec/xmlsec.h>
#include <xmlsec/xmltree.h>
#include <xmlsec/keys.h>
@@ -20,122 +23,579 @@
#include <xmlsec/gnutls/app.h>
#include <xmlsec/gnutls/crypto.h>
+/* sizes in bits */
+#define XMLSEC_GNUTLS_MIN_HMAC_SIZE 80
+#define XMLSEC_GNUTLS_MAX_HMAC_SIZE (128 * 8)
+
/**************************************************************************
*
- * We use xmlsec-gcrypt for all the basic crypto ops
+ * Configuration
*
*****************************************************************************/
-#include <xmlsec/gcrypt/crypto.h>
+static int g_xmlsec_gnutls_hmac_min_length = XMLSEC_GNUTLS_MIN_HMAC_SIZE;
/**
- * xmlSecGnuTLSHmacGetMinOutputLength:
- *
+ * xmlSecGnuTLSHmacGetMinOutputLength:
+ *
* Gets the value of min HMAC length.
- *
+ *
* Returns: the min HMAC output length
*/
int xmlSecGnuTLSHmacGetMinOutputLength(void)
{
- return xmlSecGCryptHmacGetMinOutputLength();
+ return g_xmlsec_gnutls_hmac_min_length;
}
/**
- * xmlSecGnuTLSHmacSetMinOutputLength:
- * @min_length: the new min length
- *
+ * xmlSecGnuTLSHmacSetMinOutputLength:
+ * @min_length: the new min length
+ *
* Sets the min HMAC output length
*/
void xmlSecGnuTLSHmacSetMinOutputLength(int min_length)
{
- xmlSecGCryptHmacSetMinOutputLength(min_length);
+ g_xmlsec_gnutls_hmac_min_length = min_length;
}
-
-
-#ifndef XMLSEC_NO_SHA1
-/**
- * xmlSecGnuTLSTransformHmacSha1GetKlass:
+/**************************************************************************
*
- * The HMAC-SHA1 transform klass.
+ * Internal GNUTLS HMAC CTX
*
- * Returns: the HMAC-SHA1 transform klass.
- */
-xmlSecTransformId
-xmlSecGnuTLSTransformHmacSha1GetKlass(void) {
- return (xmlSecGCryptTransformHmacSha1GetKlass());
-}
-#endif /* XMLSEC_NO_SHA1 */
+ *****************************************************************************/
+typedef struct _xmlSecGnuTLSHmacCtx xmlSecGnuTLSHmacCtx, *xmlSecGnuTLSHmacCtxPtr;
+struct _xmlSecGnuTLSHmacCtx {
+ int digest;
+ GcryMDHd digestCtx;
+ xmlSecByte dgst[XMLSEC_GNUTLS_MAX_HMAC_SIZE / 8];
+ xmlSecSize dgstSize; /* dgst size in bits */
+};
-#ifndef XMLSEC_NO_SHA256
-/**
- * xmlSecGnuTLSTransformHmacSha256GetKlass:
+/******************************************************************************
*
- * The HMAC-SHA256 transform klass.
+ * HMAC transforms
*
- * Returns: the HMAC-SHA256 transform klass.
- */
-xmlSecTransformId
-xmlSecGnuTLSTransformHmacSha256GetKlass(void) {
- return (xmlSecGCryptTransformHmacSha256GetKlass());
+ * xmlSecGnuTLSHmacCtx is located after xmlSecTransform
+ *
+ *****************************************************************************/
+#define xmlSecGnuTLSHmacGetCtx(transform) \
+ ((xmlSecGnuTLSHmacCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform)))
+#define xmlSecGnuTLSHmacSize \
+ (sizeof(xmlSecTransform) + sizeof(xmlSecGnuTLSHmacCtx))
+#define xmlSecGnuTLSHmacCheckId(transform) \
+ (xmlSecTransformCheckId((transform), xmlSecGnuTLSTransformHmacSha1Id) || \
+ xmlSecTransformCheckId((transform), xmlSecGnuTLSTransformHmacMd5Id) || \
+ xmlSecTransformCheckId((transform), xmlSecGnuTLSTransformHmacRipemd160Id))
+
+static int xmlSecGnuTLSHmacInitialize (xmlSecTransformPtr transform);
+static void xmlSecGnuTLSHmacFinalize (xmlSecTransformPtr transform);
+static int xmlSecGnuTLSHmacNodeRead (xmlSecTransformPtr transform,
+ xmlNodePtr node,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecGnuTLSHmacSetKeyReq (xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecGnuTLSHmacSetKey (xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecGnuTLSHmacVerify (xmlSecTransformPtr transform,
+ const xmlSecByte* data,
+ xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx);
+static int xmlSecGnuTLSHmacExecute (xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+
+static int
+xmlSecGnuTLSHmacInitialize(xmlSecTransformPtr transform) {
+ xmlSecGnuTLSHmacCtxPtr ctx;
+#ifndef XMLSEC_GNUTLS_OLD
+ gpg_err_code_t ret;
+#endif /* XMLSEC_GNUTLS_OLD */
+
+ xmlSecAssert2(xmlSecGnuTLSHmacCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSHmacSize), -1);
+
+ ctx = xmlSecGnuTLSHmacGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ memset(ctx, 0, sizeof(xmlSecGnuTLSHmacCtx));
+ if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformHmacSha1Id)) {
+ ctx->digest = GCRY_MD_SHA1;
+ } else if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformHmacMd5Id)) {
+ ctx->digest = GCRY_MD_MD5;
+ } else if(xmlSecTransformCheckId(transform, xmlSecGnuTLSTransformHmacRipemd160Id)) {
+ ctx->digest = GCRY_MD_RMD160;
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_TRANSFORM,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+#ifndef XMLSEC_GNUTLS_OLD
+ ret = gcry_md_open(&ctx->digestCtx, ctx->digest, GCRY_MD_FLAG_HMAC | GCRY_MD_FLAG_SECURE); /* we are paranoid */
+ if(ret != GPG_ERR_NO_ERROR) {
+#else /* XMLSEC_GNUTLS_OLD */
+ ctx->digestCtx = gcry_md_open(ctx->digest, GCRY_MD_FLAG_HMAC | GCRY_MD_FLAG_SECURE); /* we are paranoid */
+ if(ctx->digestCtx == NULL) {
+#endif /* XMLSEC_GNUTLS_OLD */
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "gcry_md_open",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ return(0);
+}
+
+static void
+xmlSecGnuTLSHmacFinalize(xmlSecTransformPtr transform) {
+ xmlSecGnuTLSHmacCtxPtr ctx;
+
+ xmlSecAssert(xmlSecGnuTLSHmacCheckId(transform));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecGnuTLSHmacSize));
+
+ ctx = xmlSecGnuTLSHmacGetCtx(transform);
+ xmlSecAssert(ctx != NULL);
+
+ if(ctx->digestCtx != NULL) {
+ gcry_md_close(ctx->digestCtx);
+ }
+ memset(ctx, 0, sizeof(xmlSecGnuTLSHmacCtx));
}
-#endif /* XMLSEC_NO_SHA256 */
-#ifndef XMLSEC_NO_SHA384
/**
- * xmlSecGnuTLSTransformHmacSha384GetKlass:
+ * xmlSecGnuTLSHmacNodeRead:
*
- * The HMAC-SHA384 transform klass.
+ * HMAC (http://www.w3.org/TR/xmldsig-core/#sec-HMAC):
*
- * Returns: the HMAC-SHA384 transform klass.
+ * The HMAC algorithm (RFC2104 [HMAC]) takes the truncation length in bits
+ * as a parameter; if the parameter is not specified then all the bits of the
+ * hash are output. An example of an HMAC SignatureMethod element:
+ * <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1">
+ * <HMACOutputLength>128</HMACOutputLength>
+ * </SignatureMethod>
+ *
+ * Schema Definition:
+ *
+ * <simpleType name="HMACOutputLengthType">
+ * <restriction base="integer"/>
+ * </simpleType>
+ *
+ * DTD:
+ *
+ * <!ELEMENT HMACOutputLength (#PCDATA)>
*/
-xmlSecTransformId
-xmlSecGnuTLSTransformHmacSha384GetKlass(void) {
- return (xmlSecGCryptTransformHmacSha384GetKlass());
+static int
+xmlSecGnuTLSHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecGnuTLSHmacCtxPtr ctx;
+ xmlNodePtr cur;
+
+ xmlSecAssert2(xmlSecGnuTLSHmacCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSHmacSize), -1);
+ xmlSecAssert2(node != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecGnuTLSHmacGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ cur = xmlSecGetNextElementNode(node->children);
+ if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHMACOutputLength, xmlSecDSigNs)) {
+ xmlChar *content;
+
+ content = xmlNodeGetContent(cur);
+ if(content != NULL) {
+ ctx->dgstSize = atoi((char*)content);
+ xmlFree(content);
+ }
+
+ /* Ensure that HMAC length is greater than min specified.
+ Otherwise, an attacker can set this lenght to 0 or very
+ small value
+ */
+ if((int)ctx->dgstSize < xmlSecGnuTLSHmacGetMinOutputLength()) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
+ "HMAC output length is too small");
+ return(-1);
+ }
+
+ cur = xmlSecGetNextElementNode(cur->next);
+ }
+
+ if(cur != NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
+ XMLSEC_ERRORS_R_INVALID_NODE,
+ "no nodes expected");
+ return(-1);
+ }
+ return(0);
}
-#endif /* XMLSEC_NO_SHA384 */
-#ifndef XMLSEC_NO_SHA512
-/**
- * xmlSecGnuTLSTransformHmacSha512GetKlass:
+
+static int
+xmlSecGnuTLSHmacSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecGnuTLSHmacCtxPtr ctx;
+
+ xmlSecAssert2(xmlSecGnuTLSHmacCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(keyReq != NULL, -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSHmacSize), -1);
+
+ ctx = xmlSecGnuTLSHmacGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+
+ keyReq->keyId = xmlSecGnuTLSKeyDataHmacId;
+ keyReq->keyType= xmlSecKeyDataTypeSymmetric;
+ if(transform->operation == xmlSecTransformOperationSign) {
+ keyReq->keyUsage = xmlSecKeyUsageSign;
+ } else {
+ keyReq->keyUsage = xmlSecKeyUsageVerify;
+ }
+
+ return(0);
+}
+
+static int
+xmlSecGnuTLSHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecGnuTLSHmacCtxPtr ctx;
+ xmlSecKeyDataPtr value;
+ xmlSecBufferPtr buffer;
+ int ret;
+
+ xmlSecAssert2(xmlSecGnuTLSHmacCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSHmacSize), -1);
+ xmlSecAssert2(key != NULL, -1);
+
+ ctx = xmlSecGnuTLSHmacGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->digestCtx != NULL, -1);
+
+ value = xmlSecKeyGetValue(key);
+ xmlSecAssert2(xmlSecKeyDataCheckId(value, xmlSecGnuTLSKeyDataHmacId), -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(value);
+ xmlSecAssert2(buffer != NULL, -1);
+
+ if(xmlSecBufferGetSize(buffer) == 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
+ "key is empty");
+ return(-1);
+ }
+
+ ret = gcry_md_setkey(ctx->digestCtx, xmlSecBufferGetData(buffer),
+ xmlSecBufferGetSize(buffer));
+ if(ret != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "gcry_md_setkey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "ret=%d", ret);
+ return(-1);
+ }
+ return(0);
+}
+
+static int
+xmlSecGnuTLSHmacVerify(xmlSecTransformPtr transform,
+ const xmlSecByte* data, xmlSecSize dataSize,
+ xmlSecTransformCtxPtr transformCtx) {
+ static xmlSecByte last_byte_masks[] =
+ { 0xFF, 0x80, 0xC0, 0xE0, 0xF0, 0xF8, 0xFC, 0xFE };
+
+ xmlSecGnuTLSHmacCtxPtr ctx;
+ xmlSecByte mask;
+
+ xmlSecAssert2(xmlSecTransformIsValid(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSHmacSize), -1);
+ xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1);
+ xmlSecAssert2(transform->status == xmlSecTransformStatusFinished, -1);
+ xmlSecAssert2(data != NULL, -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecGnuTLSHmacGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->digestCtx != NULL, -1);
+ xmlSecAssert2(ctx->dgstSize > 0, -1);
+
+ /* compare the digest size in bytes */
+ if(dataSize != ((ctx->dgstSize + 7) / 8)){
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "data=%d;dgst=%d",
+ dataSize, ((ctx->dgstSize + 7) / 8));
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
+ }
+
+ /* we check the last byte separatelly */
+ xmlSecAssert2(dataSize > 0, -1);
+ mask = last_byte_masks[ctx->dgstSize % 8];
+ if((ctx->dgst[dataSize - 1] & mask) != (data[dataSize - 1] & mask)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_DATA_NOT_MATCH,
+ "data and digest do not match (last byte)");
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
+ }
+
+ /* now check the rest of the digest */
+ if((dataSize > 1) && (memcmp(ctx->dgst, data, dataSize - 1) != 0)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_DATA_NOT_MATCH,
+ "data and digest do not match");
+ transform->status = xmlSecTransformStatusFail;
+ return(0);
+ }
+
+ transform->status = xmlSecTransformStatusOk;
+ return(0);
+}
+
+static int
+xmlSecGnuTLSHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecGnuTLSHmacCtxPtr ctx;
+ xmlSecBufferPtr in, out;
+ xmlSecByte* dgst;
+ xmlSecSize dgstSize;
+ int ret;
+
+ xmlSecAssert2(xmlSecGnuTLSHmacCheckId(transform), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGnuTLSHmacSize), -1);
+ xmlSecAssert2(transformCtx != NULL, -1);
+
+ ctx = xmlSecGnuTLSHmacGetCtx(transform);
+ xmlSecAssert2(ctx != NULL, -1);
+ xmlSecAssert2(ctx->digestCtx != NULL, -1);
+
+ in = &(transform->inBuf);
+ out = &(transform->outBuf);
+
+ if(transform->status == xmlSecTransformStatusNone) {
+ transform->status = xmlSecTransformStatusWorking;
+ }
+
+ if(transform->status == xmlSecTransformStatusWorking) {
+ xmlSecSize inSize;
+
+ inSize = xmlSecBufferGetSize(in);
+ if(inSize > 0) {
+ gcry_md_write(ctx->digestCtx, xmlSecBufferGetData(in), inSize);
+
+ ret = xmlSecBufferRemoveHead(in, inSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferRemoveHead",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", inSize);
+ return(-1);
+ }
+ }
+ if(last) {
+ /* get the final digest */
+ gcry_md_final(ctx->digestCtx);
+ dgst = gcry_md_read(ctx->digestCtx, ctx->digest);
+ if(dgst == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "gcry_md_read",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* copy it to our internal buffer */
+ dgstSize = gcry_md_get_algo_dlen(ctx->digest);
+ xmlSecAssert2(dgstSize > 0, -1);
+ xmlSecAssert2(dgstSize <= sizeof(ctx->dgst), -1);
+ memcpy(ctx->dgst, dgst, dgstSize);
+
+ /* check/set the result digest size */
+ if(ctx->dgstSize == 0) {
+ ctx->dgstSize = dgstSize * 8; /* no dgst size specified, use all we have */
+ } else if(ctx->dgstSize <= 8 * dgstSize) {
+ dgstSize = ((ctx->dgstSize + 7) / 8); /* we need to truncate result digest */
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_SIZE,
+ "result-bits=%d;required-bits=%d",
+ 8 * dgstSize, ctx->dgstSize);
+ return(-1);
+ }
+
+ if(transform->operation == xmlSecTransformOperationSign) {
+ ret = xmlSecBufferAppend(out, ctx->dgst, dgstSize);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ "xmlSecBufferAppend",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ "size=%d", dgstSize);
+ return(-1);
+ }
+ }
+ transform->status = xmlSecTransformStatusFinished;
+ }
+ } else if(transform->status == xmlSecTransformStatusFinished) {
+ /* the only way we can get here is if there is no input */
+ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
+ } else {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_STATUS,
+ "size=%d", transform->status);
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * HMAC SHA1
+ */
+static xmlSecTransformKlass xmlSecGnuTLSHmacSha1Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGnuTLSHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacSha1, /* const xmlChar* name; */
+ xmlSecHrefHmacSha1, /* const xmlChar *href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecGnuTLSHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGnuTLSHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecGnuTLSHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGnuTLSHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecGnuTLSHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGnuTLSHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGnuTLSHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSTransformHmacSha1GetKlass:
*
- * The HMAC-SHA512 transform klass.
+ * The HMAC-SHA1 transform klass.
*
- * Returns: the HMAC-SHA512 transform klass.
+ * Returns: the HMAC-SHA1 transform klass.
*/
-xmlSecTransformId
-xmlSecGnuTLSTransformHmacSha512GetKlass(void) {
- return (xmlSecGCryptTransformHmacSha512GetKlass());
+xmlSecTransformId
+xmlSecGnuTLSTransformHmacSha1GetKlass(void) {
+ return(&xmlSecGnuTLSHmacSha1Klass);
}
-#endif /* XMLSEC_NO_SHA512 */
+/**
+ * HMAC Ripemd160
+ */
+static xmlSecTransformKlass xmlSecGnuTLSHmacRipemd160Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGnuTLSHmacSize, /* xmlSecSize objSize */
-#ifndef XMLSEC_NO_RIPEMD160
-/**
+ xmlSecNameHmacRipemd160, /* const xmlChar* name; */
+ xmlSecHrefHmacRipemd160, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecGnuTLSHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGnuTLSHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecGnuTLSHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGnuTLSHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecGnuTLSHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGnuTLSHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGnuTLSHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
* xmlSecGnuTLSTransformHmacRipemd160GetKlass:
*
* The HMAC-RIPEMD160 transform klass.
*
* Returns: the HMAC-RIPEMD160 transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecGnuTLSTransformHmacRipemd160GetKlass(void) {
- return (xmlSecGCryptTransformHmacRipemd160GetKlass());
+ return(&xmlSecGnuTLSHmacRipemd160Klass);
}
-#endif /* XMLSEC_NO_RIPEMD160 */
-#ifndef XMLSEC_NO_MD5
-/**
+/**
+ * HMAC Md5
+ */
+static xmlSecTransformKlass xmlSecGnuTLSHmacMd5Klass = {
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecGnuTLSHmacSize, /* xmlSecSize objSize */
+
+ xmlSecNameHmacMd5, /* const xmlChar* name; */
+ xmlSecHrefHmacMd5, /* const xmlChar* href; */
+ xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */
+
+ xmlSecGnuTLSHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecGnuTLSHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ xmlSecGnuTLSHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecGnuTLSHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */
+ xmlSecGnuTLSHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ xmlSecGnuTLSHmacVerify, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecGnuTLSHmacExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
* xmlSecGnuTLSTransformHmacMd5GetKlass:
*
* The HMAC-MD5 transform klass.
*
* Returns: the HMAC-MD5 transform klass.
*/
-xmlSecTransformId
+xmlSecTransformId
xmlSecGnuTLSTransformHmacMd5GetKlass(void) {
- return (xmlSecGCryptTransformHmacMd5GetKlass());
+ return(&xmlSecGnuTLSHmacMd5Klass);
}
-#endif /* XMLSEC_NO_MD5 */
#endif /* XMLSEC_NO_HMAC */
diff --git a/src/gnutls/kw_aes.c b/src/gnutls/kw_aes.c
deleted file mode 100644
index 63f8a6be..00000000
--- a/src/gnutls/kw_aes.c
+++ /dev/null
@@ -1,72 +0,0 @@
-/**
- *
- * XMLSec library
- *
- * AES Algorithm support
- *
- * This is free software; see Copyright file in the source
- * distribution for preciese wording.
- *
- * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com>
- */
-#ifndef XMLSEC_NO_AES
-#include "globals.h"
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-#include <xmlsec/xmlsec.h>
-#include <xmlsec/xmltree.h>
-#include <xmlsec/keys.h>
-#include <xmlsec/transforms.h>
-#include <xmlsec/errors.h>
-
-#include <xmlsec/gnutls/crypto.h>
-
-/**************************************************************************
- *
- * We use xmlsec-gcrypt for all the basic crypto ops
- *
- *****************************************************************************/
-#include <xmlsec/gcrypt/crypto.h>
-
-
-
-/**
- * xmlSecGnuTLSTransformKWAes128GetKlass:
- *
- * The AES-128 kew wrapper transform klass.
- *
- * Returns: AES-128 kew wrapper transform klass.
- */
-xmlSecTransformId
-xmlSecGnuTLSTransformKWAes128GetKlass(void) {
- return(xmlSecGCryptTransformKWAes128GetKlass());
-}
-
-/**
- * xmlSecGnuTLSTransformKWAes192GetKlass:
- *
- * The AES-192 kew wrapper transform klass.
- *
- * Returns: AES-192 kew wrapper transform klass.
- */
-xmlSecTransformId
-xmlSecGnuTLSTransformKWAes192GetKlass(void) {
- return(xmlSecGCryptTransformKWAes192GetKlass());
-}
-
-/**
- * xmlSecGnuTLSTransformKWAes256GetKlass:
- *
- * The AES-256 kew wrapper transform klass.
- *
- * Returns: AES-256 kew wrapper transform klass.
- */
-xmlSecTransformId
-xmlSecGnuTLSTransformKWAes256GetKlass(void) {
- return(xmlSecGCryptTransformKWAes256GetKlass());
-}
-
-#endif /* XMLSEC_NO_AES */
diff --git a/src/gnutls/kw_des.c b/src/gnutls/kw_des.c
deleted file mode 100644
index 5d2a2e55..00000000
--- a/src/gnutls/kw_des.c
+++ /dev/null
@@ -1,51 +0,0 @@
-/**
- *
- * XMLSec library
- *
- * DES Algorithm support
- *
- * This is free software; see Copyright file in the source
- * distribution for preciese wording.
- *
- * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com>
- */
-#ifndef XMLSEC_NO_DES
-#include "globals.h"
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-#include <gcrypt.h>
-
-
-#include <xmlsec/xmlsec.h>
-#include <xmlsec/xmltree.h>
-#include <xmlsec/keys.h>
-#include <xmlsec/transforms.h>
-#include <xmlsec/errors.h>
-
-#include <xmlsec/gnutls/crypto.h>
-
-/**************************************************************************
- *
- * We use xmlsec-gcrypt for all the basic crypto ops
- *
- *****************************************************************************/
-#include <xmlsec/gcrypt/crypto.h>
-
-
-/**
- * xmlSecGnuTLSTransformKWDes3GetKlass:
- *
- * The Triple DES key wrapper transform klass.
- *
- * Returns: Triple DES key wrapper transform klass.
- */
-xmlSecTransformId
-xmlSecGnuTLSTransformKWDes3GetKlass(void) {
- return(xmlSecGCryptTransformKWDes3GetKlass());
-}
-
-#endif /* XMLSEC_NO_DES */
-
diff --git a/src/gnutls/signatures.c b/src/gnutls/signatures.c
deleted file mode 100644
index 98d1f832..00000000
--- a/src/gnutls/signatures.c
+++ /dev/null
@@ -1,148 +0,0 @@
-/**
- * XMLSec library
- *
- * This is free software; see Copyright file in the source
- * distribution for preciese wording.
- *
- * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com>
- */
-#include "globals.h"
-
-#include <string.h>
-
-#include <xmlsec/xmlsec.h>
-#include <xmlsec/keys.h>
-#include <xmlsec/transforms.h>
-#include <xmlsec/errors.h>
-
-#include <xmlsec/gnutls/crypto.h>
-
-/**************************************************************************
- *
- * We use xmlsec-gcrypt for all the basic crypto ops
- *
- *****************************************************************************/
-#include <xmlsec/gcrypt/crypto.h>
-#include <gcrypt.h>
-
-
-#ifndef XMLSEC_NO_DSA
-
-#ifndef XMLSEC_NO_SHA1
-
-/**
- * xmlSecGnuTLSTransformDsaSha1GetKlass:
- *
- * The DSA-SHA1 signature transform klass.
- *
- * Returns: DSA-SHA1 signature transform klass.
- */
-xmlSecTransformId
-xmlSecGnuTLSTransformDsaSha1GetKlass(void) {
- return (xmlSecGCryptTransformDsaSha1GetKlass());
-}
-
-#endif /* XMLSEC_NO_SHA1 */
-
-#endif /* XMLSEC_NO_DSA */
-
-#ifndef XMLSEC_NO_RSA
-
-#ifndef XMLSEC_NO_MD5
-
-/**
- * xmlSecGnuTLSTransformRsaMd5GetKlass:
- *
- * The RSA-MD5 signature transform klass.
- *
- * Returns: RSA-MD5 signature transform klass.
- */
-xmlSecTransformId
-xmlSecGnuTLSTransformRsaMd5GetKlass(void) {
- return (xmlSecGCryptTransformRsaMd5GetKlass());
-}
-
-#endif /* XMLSEC_NO_MD5 */
-
-#ifndef XMLSEC_NO_RIPEMD160
-
-/**
- * xmlSecGnuTLSTransformRsaRipemd160GetKlass:
- *
- * The RSA-RIPEMD160 signature transform klass.
- *
- * Returns: RSA-RIPEMD160 signature transform klass.
- */
-xmlSecTransformId
-xmlSecGnuTLSTransformRsaRipemd160GetKlass(void) {
- return (xmlSecGCryptTransformRsaRipemd160GetKlass());
-}
-
-#endif /* XMLSEC_NO_RIPEMD160 */
-
-#ifndef XMLSEC_NO_SHA1
-/**
- * xmlSecGnuTLSTransformRsaSha1GetKlass:
- *
- * The RSA-SHA1 signature transform klass.
- *
- * Returns: RSA-SHA1 signature transform klass.
- */
-xmlSecTransformId
-xmlSecGnuTLSTransformRsaSha1GetKlass(void) {
- return (xmlSecGCryptTransformRsaSha1GetKlass());
-}
-
-#endif /* XMLSEC_NO_SHA1 */
-
-#ifndef XMLSEC_NO_SHA256
-
-/**
- * xmlSecGnuTLSTransformRsaSha256GetKlass:
- *
- * The RSA-SHA256 signature transform klass.
- *
- * Returns: RSA-SHA256 signature transform klass.
- */
-xmlSecTransformId
-xmlSecGnuTLSTransformRsaSha256GetKlass(void) {
- return (xmlSecGCryptTransformRsaSha256GetKlass());
-}
-
-#endif /* XMLSEC_NO_SHA256 */
-
-#ifndef XMLSEC_NO_SHA384
-
-/**
- * xmlSecGnuTLSTransformRsaSha384GetKlass:
- *
- * The RSA-SHA384 signature transform klass.
- *
- * Returns: RSA-SHA384 signature transform klass.
- */
-xmlSecTransformId
-xmlSecGnuTLSTransformRsaSha384GetKlass(void) {
- return (xmlSecGCryptTransformRsaSha384GetKlass());
-}
-
-#endif /* XMLSEC_NO_SHA384 */
-
-#ifndef XMLSEC_NO_SHA512
-/**
- * xmlSecGnuTLSTransformRsaSha512GetKlass:
- *
- * The RSA-SHA512 signature transform klass.
- *
- * Returns: RSA-SHA512 signature transform klass.
- */
-xmlSecTransformId
-xmlSecGnuTLSTransformRsaSha512GetKlass(void) {
- return (xmlSecGCryptTransformRsaSha512GetKlass());
-}
-
-#endif /* XMLSEC_NO_SHA512 */
-
-#endif /* XMLSEC_NO_RSA */
-
-
-
diff --git a/src/gnutls/symkeys.c b/src/gnutls/symkeys.c
index b1521d62..4a11d13a 100644
--- a/src/gnutls/symkeys.c
+++ b/src/gnutls/symkeys.c
@@ -1,12 +1,12 @@
-/**
+/**
*
* XMLSec library
- *
+ *
* DES Algorithm support
- *
+ *
* This is free software; see Copyright file in the source
* distribution for preciese wording.
- *
+ *
* Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com>
*/
#include "globals.h"
@@ -24,33 +24,236 @@
#include <xmlsec/gnutls/crypto.h>
+/*****************************************************************************
+ *
+ * Symmetic (binary) keys - just a wrapper for xmlSecKeyDataBinary
+ *
+ ****************************************************************************/
+static int xmlSecGnuTLSSymKeyDataInitialize (xmlSecKeyDataPtr data);
+static int xmlSecGnuTLSSymKeyDataDuplicate (xmlSecKeyDataPtr dst,
+ xmlSecKeyDataPtr src);
+static void xmlSecGnuTLSSymKeyDataFinalize (xmlSecKeyDataPtr data);
+static int xmlSecGnuTLSSymKeyDataXmlRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGnuTLSSymKeyDataXmlWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlNodePtr node,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGnuTLSSymKeyDataBinRead (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ const xmlSecByte* buf,
+ xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGnuTLSSymKeyDataBinWrite (xmlSecKeyDataId id,
+ xmlSecKeyPtr key,
+ xmlSecByte** buf,
+ xmlSecSize* bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx);
+static int xmlSecGnuTLSSymKeyDataGenerate (xmlSecKeyDataPtr data,
+ xmlSecSize sizeBits,
+ xmlSecKeyDataType type);
+
+static xmlSecKeyDataType xmlSecGnuTLSSymKeyDataGetType (xmlSecKeyDataPtr data);
+static xmlSecSize xmlSecGnuTLSSymKeyDataGetSize (xmlSecKeyDataPtr data);
+static void xmlSecGnuTLSSymKeyDataDebugDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static void xmlSecGnuTLSSymKeyDataDebugXmlDump (xmlSecKeyDataPtr data,
+ FILE* output);
+static int xmlSecGnuTLSSymKeyDataKlassCheck (xmlSecKeyDataKlass* klass);
+
+#define xmlSecGnuTLSSymKeyDataCheckId(data) \
+ (xmlSecKeyDataIsValid((data)) && \
+ xmlSecGnuTLSSymKeyDataKlassCheck((data)->id))
+
+static int
+xmlSecGnuTLSSymKeyDataInitialize(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecGnuTLSSymKeyDataCheckId(data), -1);
+
+ return(xmlSecKeyDataBinaryValueInitialize(data));
+}
+
+static int
+xmlSecGnuTLSSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
+ xmlSecAssert2(xmlSecGnuTLSSymKeyDataCheckId(dst), -1);
+ xmlSecAssert2(xmlSecGnuTLSSymKeyDataCheckId(src), -1);
+ xmlSecAssert2(dst->id == src->id, -1);
+
+ return(xmlSecKeyDataBinaryValueDuplicate(dst, src));
+}
+
+static void
+xmlSecGnuTLSSymKeyDataFinalize(xmlSecKeyDataPtr data) {
+ xmlSecAssert(xmlSecGnuTLSSymKeyDataCheckId(data));
+
+ xmlSecKeyDataBinaryValueFinalize(data);
+}
+
+static int
+xmlSecGnuTLSSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecAssert2(xmlSecGnuTLSSymKeyDataKlassCheck(id), -1);
+
+ return(xmlSecKeyDataBinaryValueXmlRead(id, key, node, keyInfoCtx));
+}
+
+static int
+xmlSecGnuTLSSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecAssert2(xmlSecGnuTLSSymKeyDataKlassCheck(id), -1);
+
+ return(xmlSecKeyDataBinaryValueXmlWrite(id, key, node, keyInfoCtx));
+}
+
+static int
+xmlSecGnuTLSSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ const xmlSecByte* buf, xmlSecSize bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecAssert2(xmlSecGnuTLSSymKeyDataKlassCheck(id), -1);
+
+ return(xmlSecKeyDataBinaryValueBinRead(id, key, buf, bufSize, keyInfoCtx));
+}
+
+static int
+xmlSecGnuTLSSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
+ xmlSecByte** buf, xmlSecSize* bufSize,
+ xmlSecKeyInfoCtxPtr keyInfoCtx) {
+ xmlSecAssert2(xmlSecGnuTLSSymKeyDataKlassCheck(id), -1);
+
+ return(xmlSecKeyDataBinaryValueBinWrite(id, key, buf, bufSize, keyInfoCtx));
+}
+
+static int
+xmlSecGnuTLSSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) {
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert2(xmlSecGnuTLSSymKeyDataCheckId(data), -1);
+ xmlSecAssert2(sizeBits > 0, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ xmlSecAssert2(buffer != NULL, -1);
+
+ return(xmlSecGnuTLSGenerateRandom(buffer, (sizeBits + 7) / 8));
+}
+
+static xmlSecKeyDataType
+xmlSecGnuTLSSymKeyDataGetType(xmlSecKeyDataPtr data) {
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert2(xmlSecGnuTLSSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ xmlSecAssert2(buffer != NULL, xmlSecKeyDataTypeUnknown);
+
+ return((xmlSecBufferGetSize(buffer) > 0) ? xmlSecKeyDataTypeSymmetric : xmlSecKeyDataTypeUnknown);
+}
+
+static xmlSecSize
+xmlSecGnuTLSSymKeyDataGetSize(xmlSecKeyDataPtr data) {
+ xmlSecAssert2(xmlSecGnuTLSSymKeyDataCheckId(data), 0);
+
+ return(xmlSecKeyDataBinaryValueGetSize(data));
+}
+
+static void
+xmlSecGnuTLSSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecGnuTLSSymKeyDataCheckId(data));
+
+ xmlSecKeyDataBinaryValueDebugDump(data, output);
+}
+
+static void
+xmlSecGnuTLSSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
+ xmlSecAssert(xmlSecGnuTLSSymKeyDataCheckId(data));
+
+ xmlSecKeyDataBinaryValueDebugXmlDump(data, output);
+}
+
+static int
+xmlSecGnuTLSSymKeyDataKlassCheck(xmlSecKeyDataKlass* klass) {
+#ifndef XMLSEC_NO_DES
+ if(klass == xmlSecGnuTLSKeyDataDesId) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_AES
+ if(klass == xmlSecGnuTLSKeyDataAesId) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_AES */
+
+#ifndef XMLSEC_NO_HMAC
+ if(klass == xmlSecGnuTLSKeyDataHmacId) {
+ return(1);
+ }
+#endif /* XMLSEC_NO_HMAC */
+
+ return(0);
+}
+
+#ifndef XMLSEC_NO_AES
/**************************************************************************
*
- * We use xmlsec-gcrypt for all the basic crypto ops
+ * <xmlsec:AESKeyValue> processing
*
- *****************************************************************************/
-#include <xmlsec/gcrypt/crypto.h>
+ *************************************************************************/
+static xmlSecKeyDataKlass xmlSecGnuTLSKeyDataAesKlass = {
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecKeyDataBinarySize,
+ /* data */
+ xmlSecNameAESKeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefAESKeyValue, /* const xmlChar* href; */
+ xmlSecNodeAESKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ xmlSecGnuTLSSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecGnuTLSSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecGnuTLSSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecGnuTLSSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ xmlSecGnuTLSSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecGnuTLSSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+ /* read/write */
+ xmlSecGnuTLSSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecGnuTLSSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ xmlSecGnuTLSSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+ xmlSecGnuTLSSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
-#ifndef XMLSEC_NO_AES
-/**
+ /* debug */
+ xmlSecGnuTLSSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecGnuTLSSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
* xmlSecGnuTLSKeyDataAesGetKlass:
- *
+ *
* The AES key data klass.
*
* Returns: AES key data klass.
*/
-xmlSecKeyDataId
+xmlSecKeyDataId
xmlSecGnuTLSKeyDataAesGetKlass(void) {
- return (xmlSecGCryptKeyDataAesGetKlass());
+ return(&xmlSecGnuTLSKeyDataAesKlass);
}
/**
* xmlSecGnuTLSKeyDataAesSet:
- * @data: the pointer to AES key data.
- * @buf: the pointer to key value.
- * @bufSize: the key value size (in bytes).
+ * @data: the pointer to AES key data.
+ * @buf: the pointer to key value.
+ * @bufSize: the key value size (in bytes).
*
* Sets the value of AES key data.
*
@@ -58,28 +261,80 @@ xmlSecGnuTLSKeyDataAesGetKlass(void) {
*/
int
xmlSecGnuTLSKeyDataAesSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize bufSize) {
- return (xmlSecGCryptKeyDataAesSet(data, buf, bufSize));
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataAesId), -1);
+ xmlSecAssert2(buf != NULL, -1);
+ xmlSecAssert2(bufSize > 0, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ xmlSecAssert2(buffer != NULL, -1);
+
+ return(xmlSecBufferSetData(buffer, buf, bufSize));
}
#endif /* XMLSEC_NO_AES */
#ifndef XMLSEC_NO_DES
-/**
- * xmlSecGnuTLSKeyDataDesGetKlass:
+/**************************************************************************
+ *
+ * <xmlsec:DESKeyValue> processing
*
+ *************************************************************************/
+static xmlSecKeyDataKlass xmlSecGnuTLSKeyDataDesKlass = {
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecKeyDataBinarySize,
+
+ /* data */
+ xmlSecNameDESKeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefDESKeyValue, /* const xmlChar* href; */
+ xmlSecNodeDESKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ xmlSecGnuTLSSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecGnuTLSSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecGnuTLSSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecGnuTLSSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ xmlSecGnuTLSSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecGnuTLSSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ xmlSecGnuTLSSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecGnuTLSSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ xmlSecGnuTLSSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+ xmlSecGnuTLSSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ xmlSecGnuTLSSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecGnuTLSSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecGnuTLSKeyDataDesGetKlass:
+ *
* The DES key data klass.
*
* Returns: DES key data klass.
*/
-xmlSecKeyDataId
+xmlSecKeyDataId
xmlSecGnuTLSKeyDataDesGetKlass(void) {
- return (xmlSecGCryptKeyDataDesGetKlass());
+ return(&xmlSecGnuTLSKeyDataDesKlass);
}
/**
* xmlSecGnuTLSKeyDataDesSet:
- * @data: the pointer to DES key data.
- * @buf: the pointer to key value.
- * @bufSize: the key value size (in bytes).
+ * @data: the pointer to DES key data.
+ * @buf: the pointer to key value.
+ * @bufSize: the key value size (in bytes).
*
* Sets the value of DES key data.
*
@@ -87,30 +342,81 @@ xmlSecGnuTLSKeyDataDesGetKlass(void) {
*/
int
xmlSecGnuTLSKeyDataDesSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize bufSize) {
- return (xmlSecGCryptKeyDataDesSet(data, buf, bufSize));
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataDesId), -1);
+ xmlSecAssert2(buf != NULL, -1);
+ xmlSecAssert2(bufSize > 0, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ xmlSecAssert2(buffer != NULL, -1);
+
+ return(xmlSecBufferSetData(buffer, buf, bufSize));
}
#endif /* XMLSEC_NO_DES */
#ifndef XMLSEC_NO_HMAC
+/**************************************************************************
+ *
+ * <xmlsec:HMACKeyValue> processing
+ *
+ *************************************************************************/
+static xmlSecKeyDataKlass xmlSecGnuTLSKeyDataHmacKlass = {
+ sizeof(xmlSecKeyDataKlass),
+ xmlSecKeyDataBinarySize,
-/**
+ /* data */
+ xmlSecNameHMACKeyValue,
+ xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
+ /* xmlSecKeyDataUsage usage; */
+ xmlSecHrefHMACKeyValue, /* const xmlChar* href; */
+ xmlSecNodeHMACKeyValue, /* const xmlChar* dataNodeName; */
+ xmlSecNs, /* const xmlChar* dataNodeNs; */
+
+ /* constructors/destructor */
+ xmlSecGnuTLSSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */
+ xmlSecGnuTLSSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
+ xmlSecGnuTLSSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */
+ xmlSecGnuTLSSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */
+
+ /* get info */
+ xmlSecGnuTLSSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */
+ xmlSecGnuTLSSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */
+ NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
+
+ /* read/write */
+ xmlSecGnuTLSSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
+ xmlSecGnuTLSSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
+ xmlSecGnuTLSSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
+ xmlSecGnuTLSSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */
+
+ /* debug */
+ xmlSecGnuTLSSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
+ xmlSecGnuTLSSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
+
+ /* reserved for the future */
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
* xmlSecGnuTLSKeyDataHmacGetKlass:
- *
+ *
* The HMAC key data klass.
*
* Returns: HMAC key data klass.
*/
-xmlSecKeyDataId
+xmlSecKeyDataId
xmlSecGnuTLSKeyDataHmacGetKlass(void) {
- return (xmlSecGCryptKeyDataHmacGetKlass());
+ return(&xmlSecGnuTLSKeyDataHmacKlass);
}
/**
* xmlSecGnuTLSKeyDataHmacSet:
- * @data: the pointer to HMAC key data.
- * @buf: the pointer to key value.
- * @bufSize: the key value size (in bytes).
+ * @data: the pointer to HMAC key data.
+ * @buf: the pointer to key value.
+ * @bufSize: the key value size (in bytes).
*
* Sets the value of HMAC key data.
*
@@ -118,7 +424,16 @@ xmlSecGnuTLSKeyDataHmacGetKlass(void) {
*/
int
xmlSecGnuTLSKeyDataHmacSet(xmlSecKeyDataPtr data, const xmlSecByte* buf, xmlSecSize bufSize) {
- return (xmlSecGCryptKeyDataHmacSet(data, buf, bufSize));
+ xmlSecBufferPtr buffer;
+
+ xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataHmacId), -1);
+ xmlSecAssert2(buf != NULL, -1);
+ xmlSecAssert2(bufSize > 0, -1);
+
+ buffer = xmlSecKeyDataBinaryValueGetBuffer(data);
+ xmlSecAssert2(buffer != NULL, -1);
+
+ return(xmlSecBufferSetData(buffer, buf, bufSize));
}
#endif /* XMLSEC_NO_HMAC */
diff --git a/src/gnutls/x509.c b/src/gnutls/x509.c
deleted file mode 100644
index 52d46ab4..00000000
--- a/src/gnutls/x509.c
+++ /dev/null
@@ -1,1960 +0,0 @@
-/**
- * XMLSec library
- *
- * X509 support
- *
- *
- * This is free software; see Copyright file in the source
- * distribution for preciese wording.
- *
- * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com>
- */
-#include "globals.h"
-
-#ifndef XMLSEC_NO_X509
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <ctype.h>
-#include <errno.h>
-#include <time.h>
-
-#include <libxml/tree.h>
-
-#include <xmlsec/xmlsec.h>
-#include <xmlsec/xmltree.h>
-#include <xmlsec/keys.h>
-#include <xmlsec/keyinfo.h>
-#include <xmlsec/keysmngr.h>
-#include <xmlsec/x509.h>
-#include <xmlsec/base64.h>
-#include <xmlsec/errors.h>
-#include <xmlsec/private.h>
-
-#include <xmlsec/gnutls/crypto.h>
-#include <xmlsec/gnutls/x509.h>
-
-#include "x509utils.h"
-
-/*************************************************************************
- *
- * X509 utility functions
- *
- ************************************************************************/
-static int xmlSecGnuTLSX509DataNodeRead (xmlSecKeyDataPtr data,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecGnuTLSX509CertificateNodeRead (xmlSecKeyDataPtr data,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecGnuTLSX509CertificateNodeWrite (gnutls_x509_crt_t cert,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecGnuTLSX509SubjectNameNodeRead (xmlSecKeyDataPtr data,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecGnuTLSX509SubjectNameNodeWrite (gnutls_x509_crt_t cert,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecGnuTLSX509IssuerSerialNodeRead (xmlSecKeyDataPtr data,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecGnuTLSX509IssuerSerialNodeWrite (gnutls_x509_crt_t cert,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecGnuTLSX509SKINodeRead (xmlSecKeyDataPtr data,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecGnuTLSX509SKINodeWrite (gnutls_x509_crt_t cert,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecGnuTLSX509CRLNodeRead (xmlSecKeyDataPtr data,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecGnuTLSX509CRLNodeWrite (gnutls_x509_crl_t crl,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecGnuTLSKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data,
- xmlSecKeyPtr key,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-
-/*************************************************************************
- *
- * Internal GnuTLS X509 data CTX
- *
- ************************************************************************/
-typedef struct _xmlSecGnuTLSX509DataCtx xmlSecGnuTLSX509DataCtx,
- *xmlSecGnuTLSX509DataCtxPtr;
-struct _xmlSecGnuTLSX509DataCtx {
- gnutls_x509_crt_t keyCert;
- xmlSecPtrList certsList;
- xmlSecPtrList crlsList;
-};
-
-
-/**************************************************************************
- *
- * <dsig:X509Data> processing
- *
- *
- * The X509Data Element (http://www.w3.org/TR/xmldsig-core/#sec-X509Data)
- *
- * An X509Data element within KeyInfo contains one or more identifiers of keys
- * or X509 certificates (or certificates' identifiers or a revocation list).
- * The content of X509Data is:
- *
- * 1. At least one element, from the following set of element types; any of these may appear together or more than once iff (if and only if) each instance describes or is related to the same certificate:
- * 2.
- * * The X509IssuerSerial element, which contains an X.509 issuer
- * distinguished name/serial number pair that SHOULD be compliant
- * with RFC2253 [LDAP-DN],
- * * The X509SubjectName element, which contains an X.509 subject
- * distinguished name that SHOULD be compliant with RFC2253 [LDAP-DN],
- * * The X509SKI element, which contains the base64 encoded plain (i.e.
- * non-DER-encoded) value of a X509 V.3 SubjectKeyIdentifier extension.
- * * The X509Certificate element, which contains a base64-encoded [X509v3]
- * certificate, and
- * * Elements from an external namespace which accompanies/complements any
- * of the elements above.
- * * The X509CRL element, which contains a base64-encoded certificate
- * revocation list (CRL) [X509v3].
- *
- * Any X509IssuerSerial, X509SKI, and X509SubjectName elements that appear
- * MUST refer to the certificate or certificates containing the validation key.
- * All such elements that refer to a particular individual certificate MUST be
- * grouped inside a single X509Data element and if the certificate to which
- * they refer appears, it MUST also be in that X509Data element.
- *
- * Any X509IssuerSerial, X509SKI, and X509SubjectName elements that relate to
- * the same key but different certificates MUST be grouped within a single
- * KeyInfo but MAY occur in multiple X509Data elements.
- *
- * All certificates appearing in an X509Data element MUST relate to the
- * validation key by either containing it or being part of a certification
- * chain that terminates in a certificate containing the validation key.
- *
- * No ordering is implied by the above constraints.
- *
- * Note, there is no direct provision for a PKCS#7 encoded "bag" of
- * certificates or CRLs. However, a set of certificates and CRLs can occur
- * within an X509Data element and multiple X509Data elements can occur in a
- * KeyInfo. Whenever multiple certificates occur in an X509Data element, at
- * least one such certificate must contain the public key which verifies the
- * signature.
- *
- * Schema Definition
- *
- * <element name="X509Data" type="ds:X509DataType"/>
- * <complexType name="X509DataType">
- * <sequence maxOccurs="unbounded">
- * <choice>
- * <element name="X509IssuerSerial" type="ds:X509IssuerSerialType"/>
- * <element name="X509SKI" type="base64Binary"/>
- * <element name="X509SubjectName" type="string"/>
- * <element name="X509Certificate" type="base64Binary"/>
- * <element name="X509CRL" type="base64Binary"/>
- * <any namespace="##other" processContents="lax"/>
- * </choice>
- * </sequence>
- * </complexType>
- * <complexType name="X509IssuerSerialType">
- * <sequence>
- * <element name="X509IssuerName" type="string"/>
- * <element name="X509SerialNumber" type="integer"/>
- * </sequence>
- * </complexType>
- *
- * DTD
- *
- * <!ELEMENT X509Data ((X509IssuerSerial | X509SKI | X509SubjectName |
- * X509Certificate | X509CRL)+ %X509.ANY;)>
- * <!ELEMENT X509IssuerSerial (X509IssuerName, X509SerialNumber) >
- * <!ELEMENT X509IssuerName (#PCDATA) >
- * <!ELEMENT X509SubjectName (#PCDATA) >
- * <!ELEMENT X509SerialNumber (#PCDATA) >
- * <!ELEMENT X509SKI (#PCDATA) >
- * <!ELEMENT X509Certificate (#PCDATA) >
- * <!ELEMENT X509CRL (#PCDATA) >
- *
- * -----------------------------------------------------------------------
- *
- * xmlSecGnuTLSX509DataCtx is located after xmlSecTransform
- *
- *************************************************************************/
-#define xmlSecGnuTLSX509DataSize \
- (sizeof(xmlSecKeyData) + sizeof(xmlSecGnuTLSX509DataCtx))
-#define xmlSecGnuTLSX509DataGetCtx(data) \
- ((xmlSecGnuTLSX509DataCtxPtr)(((xmlSecByte*)(data)) + sizeof(xmlSecKeyData)))
-
-static int xmlSecGnuTLSKeyDataX509Initialize (xmlSecKeyDataPtr data);
-static int xmlSecGnuTLSKeyDataX509Duplicate (xmlSecKeyDataPtr dst,
- xmlSecKeyDataPtr src);
-static void xmlSecGnuTLSKeyDataX509Finalize (xmlSecKeyDataPtr data);
-static int xmlSecGnuTLSKeyDataX509XmlRead (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static int xmlSecGnuTLSKeyDataX509XmlWrite (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- xmlNodePtr node,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-static xmlSecKeyDataType xmlSecGnuTLSKeyDataX509GetType (xmlSecKeyDataPtr data);
-static const xmlChar* xmlSecGnuTLSKeyDataX509GetIdentifier (xmlSecKeyDataPtr data);
-
-static void xmlSecGnuTLSKeyDataX509DebugDump (xmlSecKeyDataPtr data,
- FILE* output);
-static void xmlSecGnuTLSKeyDataX509DebugXmlDump (xmlSecKeyDataPtr data,
- FILE* output);
-
-
-
-static xmlSecKeyDataKlass xmlSecGnuTLSKeyDataX509Klass = {
- sizeof(xmlSecKeyDataKlass),
- xmlSecGnuTLSX509DataSize,
-
- /* data */
- xmlSecNameX509Data,
- xmlSecKeyDataUsageKeyInfoNode | xmlSecKeyDataUsageRetrievalMethodNodeXml,
- /* xmlSecKeyDataUsage usage; */
- xmlSecHrefX509Data, /* const xmlChar* href; */
- xmlSecNodeX509Data, /* const xmlChar* dataNodeName; */
- xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
-
- /* constructors/destructor */
- xmlSecGnuTLSKeyDataX509Initialize, /* xmlSecKeyDataInitializeMethod initialize; */
- xmlSecGnuTLSKeyDataX509Duplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */
- xmlSecGnuTLSKeyDataX509Finalize, /* xmlSecKeyDataFinalizeMethod finalize; */
- NULL, /* xmlSecKeyDataGenerateMethod generate; */
-
- /* get info */
- xmlSecGnuTLSKeyDataX509GetType, /* xmlSecKeyDataGetTypeMethod getType; */
- NULL, /* xmlSecKeyDataGetSizeMethod getSize; */
- xmlSecGnuTLSKeyDataX509GetIdentifier, /* xmlSecKeyDataGetIdentifier getIdentifier; */
-
- /* read/write */
- xmlSecGnuTLSKeyDataX509XmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */
- xmlSecGnuTLSKeyDataX509XmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
- NULL, /* xmlSecKeyDataBinReadMethod binRead; */
- NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
-
- /* debug */
- xmlSecGnuTLSKeyDataX509DebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */
- xmlSecGnuTLSKeyDataX509DebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
-
- /* reserved for the future */
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-
-/**
- * xmlSecGnuTLSKeyDataX509GetKlass:
- *
- * The GnuTLS X509 key data klass (http://www.w3.org/TR/xmldsig-core/#sec-X509Data).
- *
- * Returns: the X509 data klass.
- */
-xmlSecKeyDataId
-xmlSecGnuTLSKeyDataX509GetKlass(void) {
- return(&xmlSecGnuTLSKeyDataX509Klass);
-}
-
-/**
- * xmlSecGnuTLSKeyDataX509GetKeyCert:
- * @data: the pointer to X509 key data.
- *
- * Gets the certificate from which the key was extracted.
- *
- * Returns: the key's certificate or NULL if key data was not used for key
- * extraction or an error occurs.
- */
-gnutls_x509_crt_t
-xmlSecGnuTLSKeyDataX509GetKeyCert(xmlSecKeyDataPtr data) {
- xmlSecGnuTLSX509DataCtxPtr ctx;
-
- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), NULL);
-
- ctx = xmlSecGnuTLSX509DataGetCtx(data);
- xmlSecAssert2(ctx != NULL, NULL);
-
- return(ctx->keyCert);
-}
-
-/**
- * xmlSecGnuTLSKeyDataX509AdoptKeyCert:
- * @data: the pointer to X509 key data.
- * @cert: the pointer to GnuTLS X509 certificate.
- *
- * Sets the key's certificate in @data.
- *
- * Returns: 0 on success or a negative value if an error occurs.
- */
-int
-xmlSecGnuTLSKeyDataX509AdoptKeyCert(xmlSecKeyDataPtr data, gnutls_x509_crt_t cert) {
- xmlSecGnuTLSX509DataCtxPtr ctx;
-
- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), -1);
- xmlSecAssert2(cert != NULL, -1);
-
- ctx = xmlSecGnuTLSX509DataGetCtx(data);
- xmlSecAssert2(ctx != NULL, -1);
-
- if(ctx->keyCert != NULL) {
- gnutls_x509_crt_deinit(ctx->keyCert);
- }
- ctx->keyCert = cert;
- return(0);
-}
-
-/**
- * xmlSecGnuTLSKeyDataX509AdoptCert:
- * @data: the pointer to X509 key data.
- * @cert: the pointer to GnuTLS X509 certificate.
- *
- * Adds certificate to the X509 key data.
- *
- * Returns: 0 on success or a negative value if an error occurs.
- */
-int
-xmlSecGnuTLSKeyDataX509AdoptCert(xmlSecKeyDataPtr data, gnutls_x509_crt_t cert) {
- xmlSecGnuTLSX509DataCtxPtr ctx;
- int ret;
-
- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), -1);
- xmlSecAssert2(cert != NULL, -1);
-
- ctx = xmlSecGnuTLSX509DataGetCtx(data);
- xmlSecAssert2(ctx != NULL, -1);
-
- ret = xmlSecPtrListAdd(&(ctx->certsList), cert);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecPtrListAdd",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- return(0);
-}
-
-/**
- * xmlSecGnuTLSKeyDataX509GetCert:
- * @data: the pointer to X509 key data.
- * @pos: the desired certificate position.
- *
- * Gets a certificate from X509 key data.
- *
- * Returns: the pointer to certificate or NULL if @pos is larger than the
- * number of certificates in @data or an error occurs.
- */
-gnutls_x509_crt_t
-xmlSecGnuTLSKeyDataX509GetCert(xmlSecKeyDataPtr data, xmlSecSize pos) {
- xmlSecGnuTLSX509DataCtxPtr ctx;
-
- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), NULL);
-
- ctx = xmlSecGnuTLSX509DataGetCtx(data);
- xmlSecAssert2(ctx != NULL, NULL);
-
- return(xmlSecPtrListGetItem(&(ctx->certsList), pos));
-}
-
-/**
- * xmlSecGnuTLSKeyDataX509GetCertsSize:
- * @data: the pointer to X509 key data.
- *
- * Gets the number of certificates in @data.
- *
- * Returns: te number of certificates in @data.
- */
-xmlSecSize
-xmlSecGnuTLSKeyDataX509GetCertsSize(xmlSecKeyDataPtr data) {
- xmlSecGnuTLSX509DataCtxPtr ctx;
-
- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), 0);
-
- ctx = xmlSecGnuTLSX509DataGetCtx(data);
- xmlSecAssert2(ctx != NULL, 0);
-
- return(xmlSecPtrListGetSize(&(ctx->certsList)));
-}
-
-/**
- * xmlSecGnuTLSKeyDataX509AdoptCrl:
- * @data: the pointer to X509 key data.
- * @crl: the pointer to GnuTLS X509 crl.
- *
- * Adds crl to the X509 key data.
- *
- * Returns: 0 on success or a negative value if an error occurs.
- */
-int
-xmlSecGnuTLSKeyDataX509AdoptCrl(xmlSecKeyDataPtr data, gnutls_x509_crl_t crl) {
- xmlSecGnuTLSX509DataCtxPtr ctx;
- int ret;
-
- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), -1);
- xmlSecAssert2(crl != NULL, -1);
-
- ctx = xmlSecGnuTLSX509DataGetCtx(data);
- xmlSecAssert2(ctx != NULL, -1);
-
- ret = xmlSecPtrListAdd(&(ctx->crlsList), crl);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecPtrListAdd",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- return(0);
-}
-
-/**
- * xmlSecGnuTLSKeyDataX509GetCrl:
- * @data: the pointer to X509 key data.
- * @pos: the desired crl position.
- *
- * Gets a crl from X509 key data.
- *
- * Returns: the pointer to crl or NULL if @pos is larger than the
- * number of crls in @data or an error occurs.
- */
-gnutls_x509_crl_t
-xmlSecGnuTLSKeyDataX509GetCrl(xmlSecKeyDataPtr data, xmlSecSize pos) {
- xmlSecGnuTLSX509DataCtxPtr ctx;
-
- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), NULL);
-
- ctx = xmlSecGnuTLSX509DataGetCtx(data);
- xmlSecAssert2(ctx != NULL, NULL);
-
- return(xmlSecPtrListGetItem(&(ctx->crlsList), pos));
-}
-
-/**
- * xmlSecGnuTLSKeyDataX509GetCrlsSize:
- * @data: the pointer to X509 key data.
- *
- * Gets the number of crls in @data.
- *
- * Returns: te number of crls in @data.
- */
-xmlSecSize
-xmlSecGnuTLSKeyDataX509GetCrlsSize(xmlSecKeyDataPtr data) {
- xmlSecGnuTLSX509DataCtxPtr ctx;
-
- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), 0);
-
- ctx = xmlSecGnuTLSX509DataGetCtx(data);
- xmlSecAssert2(ctx != NULL, 0);
-
- return(xmlSecPtrListGetSize(&(ctx->crlsList)));
-}
-
-
-static int
-xmlSecGnuTLSKeyDataX509Initialize(xmlSecKeyDataPtr data) {
- xmlSecGnuTLSX509DataCtxPtr ctx;
- int ret;
-
- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), -1);
-
- ctx = xmlSecGnuTLSX509DataGetCtx(data);
- xmlSecAssert2(ctx != NULL, -1);
-
- memset(ctx, 0, sizeof(xmlSecGnuTLSX509DataCtx));
-
- ret = xmlSecPtrListInitialize(&(ctx->certsList), xmlSecGnuTLSX509CrtListId);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecPtrListInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "certsList");
- return(-1);
- }
-
- ret = xmlSecPtrListInitialize(&(ctx->crlsList), xmlSecGnuTLSX509CrlListId);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecPtrListInitialize",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "crlsList");
- return(-1);
- }
-
- return(0);
-}
-
-static int
-xmlSecGnuTLSKeyDataX509Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) {
- xmlSecGnuTLSX509DataCtxPtr ctxSrc;
- xmlSecGnuTLSX509DataCtxPtr ctxDst;
- int ret;
-
- xmlSecAssert2(xmlSecKeyDataCheckId(dst, xmlSecGnuTLSKeyDataX509Id), -1);
- xmlSecAssert2(xmlSecKeyDataCheckId(src, xmlSecGnuTLSKeyDataX509Id), -1);
-
- ctxSrc = xmlSecGnuTLSX509DataGetCtx(src);
- xmlSecAssert2(ctxSrc != NULL, 0);
- ctxDst = xmlSecGnuTLSX509DataGetCtx(dst);
- xmlSecAssert2(ctxDst != NULL, 0);
-
- /* copy key cert if exist */
- if(ctxDst->keyCert != NULL) {
- gnutls_x509_crt_deinit(ctxDst->keyCert);
- ctxDst->keyCert = NULL;
- }
- if(ctxSrc->keyCert != NULL) {
- ctxDst->keyCert = xmlSecGnuTLSX509CertDup(ctxSrc->keyCert);
- if(ctxDst->keyCert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)),
- "xmlSecGnuTLSX509CertDup",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
-
- /* copy certsList if exists */
- xmlSecPtrListEmpty(&(ctxDst->certsList));
- ret = xmlSecPtrListCopy(&(ctxDst->certsList), &(ctxSrc->certsList));
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)),
- "xmlSecPtrListCopy",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "certsList");
- return(-1);
- }
-
- /* copy crlsList if exists */
- xmlSecPtrListEmpty(&(ctxDst->crlsList));
- ret = xmlSecPtrListCopy(&(ctxDst->crlsList), &(ctxSrc->crlsList));
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)),
- "xmlSecPtrListCopy",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "crlsList");
- return(-1);
- }
- /* done */
- return(0);
-}
-
-static void
-xmlSecGnuTLSKeyDataX509Finalize(xmlSecKeyDataPtr data) {
- xmlSecGnuTLSX509DataCtxPtr ctx;
-
- xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id));
-
- ctx = xmlSecGnuTLSX509DataGetCtx(data);
- xmlSecAssert(ctx != NULL);
-
- xmlSecPtrListFinalize(&(ctx->crlsList));
- xmlSecPtrListFinalize(&(ctx->certsList));
- if(ctx->keyCert != NULL) {
- gnutls_x509_crt_deinit(ctx->keyCert);
- }
- memset(ctx, 0, sizeof(xmlSecGnuTLSX509DataCtx));
-}
-
-static int
-xmlSecGnuTLSKeyDataX509XmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
- xmlSecKeyDataPtr data;
- int ret;
-
- xmlSecAssert2(id == xmlSecGnuTLSKeyDataX509Id, -1);
- xmlSecAssert2(key != NULL, -1);
- xmlSecAssert2(node != NULL, -1);
- xmlSecAssert2(keyInfoCtx != NULL, -1);
-
- data = xmlSecKeyEnsureData(key, id);
- if(data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecKeyEnsureData",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- ret = xmlSecGnuTLSX509DataNodeRead(data, node, keyInfoCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecGnuTLSX509DataNodeRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS) == 0) {
- ret = xmlSecGnuTLSKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecGnuTLSKeyDataX509VerifyAndExtractKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
- return(0);
-}
-
-static int
-xmlSecGnuTLSKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key,
- xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
- xmlSecKeyDataPtr data;
- gnutls_x509_crt_t cert;
- gnutls_x509_crl_t crl;
- xmlSecSize size, pos;
- int content;
- int ret;
-
- xmlSecAssert2(id == xmlSecGnuTLSKeyDataX509Id, -1);
- xmlSecAssert2(key != NULL, -1);
- xmlSecAssert2(node != NULL, -1);
- xmlSecAssert2(keyInfoCtx != NULL, -1);
-
- content = xmlSecX509DataGetNodeContent (node, 1, keyInfoCtx);
- if (content < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecX509DataGetNodeContent",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "content=%d", content);
- return(-1);
- } else if(content == 0) {
- /* by default we are writing certificates and crls */
- content = XMLSEC_X509DATA_DEFAULT;
- }
-
- /* get x509 data */
- data = xmlSecKeyGetData(key, id);
- if(data == NULL) {
- /* no x509 data in the key */
- return(0);
- }
-
- /* write certs */
- size = xmlSecGnuTLSKeyDataX509GetCertsSize(data);
- for(pos = 0; pos < size; ++pos) {
- cert = xmlSecGnuTLSKeyDataX509GetCert(data, pos);
- if(cert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecGnuTLSKeyDataX509GetCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
- return(-1);
- }
-
- if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) {
- ret = xmlSecGnuTLSX509CertificateNodeWrite(cert, node, keyInfoCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecGnuTLSX509CertificateNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
- return(-1);
- }
- }
-
- if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) {
- ret = xmlSecGnuTLSX509SubjectNameNodeWrite(cert, node, keyInfoCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecGnuTLSX509SubjectNameNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
- return(-1);
- }
- }
-
- if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) {
- ret = xmlSecGnuTLSX509IssuerSerialNodeWrite(cert, node, keyInfoCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecGnuTLSX509IssuerSerialNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
- return(-1);
- }
- }
-
- if((content & XMLSEC_X509DATA_SKI_NODE) != 0) {
- ret = xmlSecGnuTLSX509SKINodeWrite(cert, node, keyInfoCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecGnuTLSX509SKINodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
- return(-1);
- }
- }
- }
-
- /* write crls if needed */
- if((content & XMLSEC_X509DATA_CRL_NODE) != 0) {
- size = xmlSecGnuTLSKeyDataX509GetCrlsSize(data);
- for(pos = 0; pos < size; ++pos) {
- crl = xmlSecGnuTLSKeyDataX509GetCrl(data, pos);
- if(crl == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecGnuTLSKeyDataX509GetCrl",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
- return(-1);
- }
-
- ret = xmlSecGnuTLSX509CRLNodeWrite(crl, node, keyInfoCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecGnuTLSX509CRLNodeWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
- return(-1);
- }
- }
- }
-
- /* done */
- return(0);
-}
-
-
-static xmlSecKeyDataType
-xmlSecGnuTLSKeyDataX509GetType(xmlSecKeyDataPtr data) {
- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), xmlSecKeyDataTypeUnknown);
-
- /* TODO: return verified/not verified status */
- return(xmlSecKeyDataTypeUnknown);
-}
-
-static const xmlChar*
-xmlSecGnuTLSKeyDataX509GetIdentifier(xmlSecKeyDataPtr data) {
- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), NULL);
-
- /* TODO */
- return(NULL);
-}
-
-static void
-xmlSecGnuTLSKeyDataX509DebugDump(xmlSecKeyDataPtr data, FILE* output) {
- xmlSecSize size, pos;
-
- xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id));
- xmlSecAssert(output != NULL);
-
- fprintf(output, "=== X509 Data:\n");
-
- /* key cert */
- {
- gnutls_x509_crt_t cert;
-
- cert = xmlSecGnuTLSKeyDataX509GetKeyCert(data);
- if(cert != NULL) {
- fprintf(output, "==== Key Certificate:\n");
- xmlSecGnuTLSX509CertDebugDump(cert, output);
- }
- }
-
- /* other certs */
- size = xmlSecGnuTLSKeyDataX509GetCertsSize(data);
- for(pos = 0; pos < size; ++pos) {
- gnutls_x509_crt_t cert;
-
- cert = xmlSecGnuTLSKeyDataX509GetCert(data, pos);
- if(cert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecGnuTLSKeyDataX509GetCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
- return;
- }
- fprintf(output, "==== Certificate:\n");
- xmlSecGnuTLSX509CertDebugDump(cert, output);
- }
-
- /* crls */
- size = xmlSecGnuTLSKeyDataX509GetCrlsSize(data);
- for(pos = 0; pos < size; ++pos) {
- gnutls_x509_crl_t crl;
-
- crl = xmlSecGnuTLSKeyDataX509GetCrl(data, pos);
- if(crl == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecGnuTLSKeyDataX509GetCrl",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
- return;
- }
- fprintf(output, "==== Crl:\n");
- xmlSecGnuTLSX509CrlDebugDump(crl, output);
- }
-}
-
-static void
-xmlSecGnuTLSKeyDataX509DebugXmlDump(xmlSecKeyDataPtr data, FILE* output) {
- xmlSecSize size, pos;
-
- xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id));
- xmlSecAssert(output != NULL);
-
- fprintf(output, "<X509Data>\n");
-
- /* key cert */
- {
- gnutls_x509_crt_t cert;
-
- cert = xmlSecGnuTLSKeyDataX509GetKeyCert(data);
- if(cert != NULL) {
- fprintf(output, "<KeyCertificate>\n");
- xmlSecGnuTLSX509CertDebugXmlDump(cert, output);
- fprintf(output, "</KeyCertificate>\n");
- }
- }
-
- /* other certs */
- size = xmlSecGnuTLSKeyDataX509GetCertsSize(data);
- for(pos = 0; pos < size; ++pos) {
- gnutls_x509_crt_t cert;
-
- cert = xmlSecGnuTLSKeyDataX509GetCert(data, pos);
- if(cert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecGnuTLSKeyDataX509GetCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
- return;
- }
- fprintf(output, "<Certificate>\n");
- xmlSecGnuTLSX509CertDebugXmlDump(cert, output);
- fprintf(output, "</Certificate>\n");
- }
-
- /* other crls */
- size = xmlSecGnuTLSKeyDataX509GetCrlsSize(data);
- for(pos = 0; pos < size; ++pos) {
- gnutls_x509_crl_t crl;
-
- crl = xmlSecGnuTLSKeyDataX509GetCrl(data, pos);
- if(crl == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecGnuTLSKeyDataX509GetCrl",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%d", pos);
- return;
- }
- fprintf(output, "<CRL>\n");
- xmlSecGnuTLSX509CrlDebugXmlDump(crl, output);
- fprintf(output, "</CRL>\n");
- }
-
- /* we don't print out crls */
- fprintf(output, "</X509Data>\n");
-}
-
-static int
-xmlSecGnuTLSX509DataNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
- xmlNodePtr cur;
- int ret;
-
- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), -1);
- xmlSecAssert2(node != NULL, -1);
- xmlSecAssert2(keyInfoCtx != NULL, -1);
-
- for(cur = xmlSecGetNextElementNode(node->children);
- cur != NULL;
- cur = xmlSecGetNextElementNode(cur->next)) {
-
- ret = 0;
- if(xmlSecCheckNodeName(cur, xmlSecNodeX509Certificate, xmlSecDSigNs)) {
- ret = xmlSecGnuTLSX509CertificateNodeRead(data, cur, keyInfoCtx);
- } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SubjectName, xmlSecDSigNs)) {
- ret = xmlSecGnuTLSX509SubjectNameNodeRead(data, cur, keyInfoCtx);
- } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerSerial, xmlSecDSigNs)) {
- ret = xmlSecGnuTLSX509IssuerSerialNodeRead(data, cur, keyInfoCtx);
- } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SKI, xmlSecDSigNs)) {
- ret = xmlSecGnuTLSX509SKINodeRead(data, cur, keyInfoCtx);
- } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509CRL, xmlSecDSigNs)) {
- ret = xmlSecGnuTLSX509CRLNodeRead(data, cur, keyInfoCtx);
- } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CHILD) != 0) {
- /* laxi schema validation: ignore unknown nodes */
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_UNEXPECTED_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "read node failed");
- return(-1);
- }
- }
- return(0);
-}
-
-static int
-xmlSecGnuTLSX509CertificateNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
- xmlChar *content;
- gnutls_x509_crt_t cert;
- int ret;
-
- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), -1);
- xmlSecAssert2(node != NULL, -1);
- xmlSecAssert2(keyInfoCtx != NULL, -1);
-
- content = xmlNodeGetContent(node);
- if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) {
- if(content != NULL) {
- xmlFree(content);
- }
- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- return(0);
- }
-
- cert = xmlSecGnuTLSX509CertBase64DerRead(content);
- if(cert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecGnuTLSX509CertBase64DerRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(content);
- return(-1);
- }
-
- ret = xmlSecGnuTLSKeyDataX509AdoptCert(data, cert);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecGnuTLSKeyDataX509AdoptCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- gnutls_x509_crt_deinit(cert);
- xmlFree(content);
- return(-1);
- }
-
- xmlFree(content);
- return(0);
-}
-
-static int
-xmlSecGnuTLSX509CertificateNodeWrite(gnutls_x509_crt_t cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
- xmlChar* buf;
- xmlNodePtr cur;
-
- xmlSecAssert2(cert != NULL, -1);
- xmlSecAssert2(node != NULL, -1);
- xmlSecAssert2(keyInfoCtx != NULL, -1);
-
- /* set base64 lines size from context */
- buf = xmlSecGnuTLSX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize);
- if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSX509CertBase64DerWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs);
- if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509Certificate));
- xmlFree(buf);
- return(-1);
- }
-
- /* todo: add \n around base64 data - from context */
- /* todo: add errors check */
- xmlNodeSetContent(cur, xmlSecStringCR);
- xmlNodeSetContent(cur, buf);
- xmlFree(buf);
- return(0);
-}
-
-
-
-#define XMLSEC_GNUTLS_IS_SPACE(ch) \
- (((ch) == ' ') || ((ch) == '\r') || ((ch) == '\n'))
-
-static void
-xmlSecGnuTLSX509Trim(xmlChar * str) {
- xmlChar * p, * q;
-
- xmlSecAssert(str != NULL);
-
- /* skip spaces from the beggining */
- p = str;
- while(XMLSEC_GNUTLS_IS_SPACE(*p) && ((*p) != '\0')) ++p;
- if(p != str) {
- for(q = str; ; ++q, ++p) {
- (*q) = (*p);
- if((*p) == '\0') {
- break;
- }
- }
- }
-
- /* skip spaces from the end */
- for(p = str; (*p) != '\0'; ++p);
- while((p > str) && (XMLSEC_GNUTLS_IS_SPACE(*(p - 1)))) *(--p) = '\0';
-}
-
-static int
-xmlSecGnuTLSX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
- xmlSecKeyDataStorePtr x509Store;
- xmlChar* subject;
- gnutls_x509_crt_t cert;
- gnutls_x509_crt_t cert2;
- int ret;
-
- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), -1);
- xmlSecAssert2(node != NULL, -1);
- xmlSecAssert2(keyInfoCtx != NULL, -1);
- xmlSecAssert2(keyInfoCtx->keysMngr != NULL, -1);
-
- x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecGnuTLSX509StoreId);
- if(x509Store == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecKeysMngrGetDataStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- subject = xmlNodeGetContent(node);
- if((subject == NULL) || (xmlSecIsEmptyString(subject) == 1)) {
- if(subject != NULL) {
- xmlFree(subject);
- }
- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- return(0);
- }
-
- xmlSecGnuTLSX509Trim(subject);
- cert = xmlSecGnuTLSX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx);
- if(cert == NULL){
-
- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- NULL,
- XMLSEC_ERRORS_R_CERT_NOT_FOUND,
- "subject=%s",
- xmlSecErrorsSafeString(subject));
- xmlFree(subject);
- return(-1);
- }
-
- xmlFree(subject);
- return(0);
- }
-
- cert2 = xmlSecGnuTLSX509CertDup(cert);
- if(cert2 == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecGnuTLSX509CertDup",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
-
- xmlFree(subject);
- return(-1);
- }
-
- ret = xmlSecGnuTLSKeyDataX509AdoptCert(data, cert2);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecGnuTLSKeyDataX509AdoptCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- gnutls_x509_crt_deinit(cert2);
- xmlFree(subject);
- return(-1);
- }
-
- xmlFree(subject);
- return(0);
-}
-
-static int
-xmlSecGnuTLSX509SubjectNameNodeWrite(gnutls_x509_crt_t cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
- xmlChar* buf = NULL;
- xmlNodePtr cur = NULL;
-
- xmlSecAssert2(cert != NULL, -1);
- xmlSecAssert2(node != NULL, -1);
-
- /* add node */
- cur = xmlSecAddChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs);
- if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509SubjectName));
- return(-1);
- }
-
- /* get subject */
- buf = xmlSecGnuTLSX509CertGetSubjectDN(cert);
- if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSX509CertGetSubjectDN",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- /* set value */
- xmlSecNodeEncodeAndSetContent(cur, buf);
-
- /* done */
- xmlFree(buf);
- return(0);
-}
-
-static int
-xmlSecGnuTLSX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
- xmlSecKeyDataStorePtr x509Store;
- xmlNodePtr cur;
- xmlChar *issuerName;
- xmlChar *issuerSerial;
- gnutls_x509_crt_t cert;
- gnutls_x509_crt_t cert2;
- int ret;
-
- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), -1);
- xmlSecAssert2(node != NULL, -1);
- xmlSecAssert2(keyInfoCtx != NULL, -1);
- xmlSecAssert2(keyInfoCtx->keysMngr != NULL, -1);
-
- x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecGnuTLSX509StoreId);
- if(x509Store == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecKeysMngrGetDataStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- cur = xmlSecGetNextElementNode(node->children);
- if(cur == NULL) {
- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
- XMLSEC_ERRORS_R_NODE_NOT_FOUND,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
- return(-1);
- }
- return(0);
- }
-
- /* the first is required node X509IssuerName */
- if(!xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName),
- XMLSEC_ERRORS_R_NODE_NOT_FOUND,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
- return(-1);
- }
- issuerName = xmlNodeGetContent(cur);
- if(issuerName == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName));
- return(-1);
- }
- cur = xmlSecGetNextElementNode(cur->next);
-
- /* next is required node X509SerialNumber */
- if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_NODE_NOT_FOUND,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber));
- xmlFree(issuerName);
- return(-1);
- }
- issuerSerial = xmlNodeGetContent(cur);
- if(issuerSerial == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber),
- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)));
- xmlFree(issuerName);
- return(-1);
- }
- cur = xmlSecGetNextElementNode(cur->next);
-
- if(cur != NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
- XMLSEC_ERRORS_R_UNEXPECTED_NODE,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(issuerSerial);
- xmlFree(issuerName);
- return(-1);
- }
-
- xmlSecGnuTLSX509Trim(issuerName);
- xmlSecGnuTLSX509Trim(issuerSerial);
- cert = xmlSecGnuTLSX509StoreFindCert(x509Store, NULL, issuerName, issuerSerial, NULL, keyInfoCtx);
- if(cert == NULL){
-
- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- NULL,
- XMLSEC_ERRORS_R_CERT_NOT_FOUND,
- "issuerName=%s;issuerSerial=%s",
- xmlSecErrorsSafeString(issuerName),
- xmlSecErrorsSafeString(issuerSerial));
- xmlFree(issuerSerial);
- xmlFree(issuerName);
- return(-1);
- }
- xmlFree(issuerSerial);
- xmlFree(issuerName);
- return(0);
- }
-
- cert2 = xmlSecGnuTLSX509CertDup(cert);
- if(cert2 == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecGnuTLSX509CertDup",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(issuerSerial);
- xmlFree(issuerName);
- return(-1);
- }
-
- ret = xmlSecGnuTLSKeyDataX509AdoptCert(data, cert2);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecGnuTLSKeyDataX509AdoptCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- gnutls_x509_crt_deinit(cert2);
- xmlFree(issuerSerial);
- xmlFree(issuerName);
- return(-1);
- }
-
- xmlFree(issuerSerial);
- xmlFree(issuerName);
- return(0);
-}
-
-static int
-xmlSecGnuTLSX509IssuerSerialNodeWrite(gnutls_x509_crt_t cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
- xmlNodePtr cur;
- xmlNodePtr issuerNameNode;
- xmlNodePtr issuerNumberNode;
- xmlChar* buf;
-
- xmlSecAssert2(cert != NULL, -1);
- xmlSecAssert2(node != NULL, -1);
-
- /* create xml nodes */
- cur = xmlSecAddChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs);
- if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial));
- return(-1);
- }
-
- issuerNameNode = xmlSecAddChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs);
- if(issuerNameNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509IssuerName));
- return(-1);
- }
-
- issuerNumberNode = xmlSecAddChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs);
- if(issuerNumberNode == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber));
- return(-1);
- }
-
- /* write data */
- buf = xmlSecGnuTLSX509CertGetIssuerDN(cert);
- if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSX509CertGetIssuerDN",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- xmlSecNodeEncodeAndSetContent(issuerNameNode, buf);
- xmlFree(buf);
-
- buf = xmlSecGnuTLSX509CertGetIssuerSerial(cert);
- if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSX509CertGetIssuerSerial",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- xmlSecNodeEncodeAndSetContent(issuerNumberNode, buf);
- xmlFree(buf);
-
- return(0);
-}
-
-
-static int
-xmlSecGnuTLSX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
- xmlSecKeyDataStorePtr x509Store;
- xmlChar* ski;
- gnutls_x509_crt_t cert;
- gnutls_x509_crt_t cert2;
- int ret;
-
- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), -1);
- xmlSecAssert2(node != NULL, -1);
- xmlSecAssert2(keyInfoCtx != NULL, -1);
- xmlSecAssert2(keyInfoCtx->keysMngr != NULL, -1);
-
- x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecGnuTLSX509StoreId);
- if(x509Store == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecKeysMngrGetDataStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- ski = xmlNodeGetContent(node);
- if((ski == NULL) || (xmlSecIsEmptyString(ski) == 1)) {
- if(ski != NULL) {
- xmlFree(ski);
- }
- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
- "node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509SKI));
- return(-1);
- }
- return(0);
- }
-
- xmlSecGnuTLSX509Trim(ski);
- cert = xmlSecGnuTLSX509StoreFindCert(x509Store, NULL, NULL, NULL, ski, keyInfoCtx);
- if(cert == NULL){
- xmlFree(ski);
-
- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- NULL,
- XMLSEC_ERRORS_R_CERT_NOT_FOUND,
- "ski=%s",
- xmlSecErrorsSafeString(ski));
- return(-1);
- }
- return(0);
- }
-
- cert2 = xmlSecGnuTLSX509CertDup(cert);
- if(cert2 == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecGnuTLSX509CertDup",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(ski);
- return(-1);
- }
-
- ret = xmlSecGnuTLSKeyDataX509AdoptCert(data, cert2);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecGnuTLSKeyDataX509AdoptCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- gnutls_x509_crt_deinit(cert2);
- xmlFree(ski);
- return(-1);
- }
-
- xmlFree(ski);
- return(0);
-}
-
-static int
-xmlSecGnuTLSX509SKINodeWrite(gnutls_x509_crt_t cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) {
- xmlChar *buf = NULL;
- xmlNodePtr cur = NULL;
-
- xmlSecAssert2(cert != NULL, -1);
- xmlSecAssert2(node != NULL, -1);
-
- /* add node */
- cur = xmlSecAddChild(node, xmlSecNodeX509SKI, xmlSecDSigNs);
- if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "new_node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509SKI));
- return(-1);
- }
-
- /* write value */
- buf = xmlSecGnuTLSX509CertGetSKI(cert);
- if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSX509CertGetSKI",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- xmlSecNodeEncodeAndSetContent(cur, buf);
- xmlFree(buf);
-
- return(0);
-}
-
-static int
-xmlSecGnuTLSX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
- xmlChar *content;
- gnutls_x509_crl_t crl;
- int ret;
-
- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), -1);
- xmlSecAssert2(node != NULL, -1);
- xmlSecAssert2(keyInfoCtx != NULL, -1);
-
- content = xmlNodeGetContent(node);
- if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) {
- if(content != NULL) {
- xmlFree(content);
- }
- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- xmlSecErrorsSafeString(xmlSecNodeGetName(node)),
- XMLSEC_ERRORS_R_INVALID_NODE_CONTENT,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- return(0);
- }
-
- crl = xmlSecGnuTLSX509CrlBase64DerRead(content);
- if(crl == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecGnuTLSX509CrlBase64DerRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(content);
- return(-1);
- }
-
- ret = xmlSecGnuTLSKeyDataX509AdoptCrl(data, crl);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecGnuTLSKeyDataX509AdoptCrl",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- gnutls_x509_crl_deinit(crl);
- xmlFree(content);
- return(-1);
- }
-
- xmlFree(content);
- return(0);
-}
-
-static int
-xmlSecGnuTLSX509CRLNodeWrite(gnutls_x509_crl_t crl, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) {
- xmlChar* buf = NULL;
- xmlNodePtr cur = NULL;
-
- xmlSecAssert2(crl != NULL, -1);
- xmlSecAssert2(node != NULL, -1);
- xmlSecAssert2(keyInfoCtx != NULL, -1);
-
- /* set base64 lines size from context */
- buf = xmlSecGnuTLSX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize);
- if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSX509CrlBase64DerWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs);
- if(cur == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecAddChild",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "new_node=%s",
- xmlSecErrorsSafeString(xmlSecNodeX509CRL));
- xmlFree(buf);
- return(-1);
- }
- /* todo: add \n around base64 data - from context */
- /* todo: add errors check */
- xmlNodeSetContent(cur, xmlSecStringCR);
- xmlNodeSetContent(cur, buf);
- xmlFree(buf);
-
- return(0);
-}
-
-
-static int
-xmlSecGnuTLSKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key,
- xmlSecKeyInfoCtxPtr keyInfoCtx) {
- xmlSecGnuTLSX509DataCtxPtr ctx;
- xmlSecKeyDataStorePtr x509Store;
- int ret;
-
- xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecGnuTLSKeyDataX509Id), -1);
- xmlSecAssert2(key != NULL, -1);
- xmlSecAssert2(keyInfoCtx != NULL, -1);
- xmlSecAssert2(keyInfoCtx->keysMngr != NULL, -1);
-
- ctx = xmlSecGnuTLSX509DataGetCtx(data);
- xmlSecAssert2(ctx != NULL, -1);
-
- x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecGnuTLSX509StoreId);
- if(x509Store == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecKeysMngrGetDataStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- if((ctx->keyCert == NULL) && (xmlSecPtrListGetSize(&(ctx->certsList)) > 0) && (xmlSecKeyGetValue(key) == NULL)) {
- gnutls_x509_crt_t cert;
-
- cert = xmlSecGnuTLSX509StoreVerify(x509Store, &(ctx->certsList), &(ctx->crlsList), keyInfoCtx);
- if(cert != NULL) {
- xmlSecKeyDataPtr keyValue;
-
- ctx->keyCert = xmlSecGnuTLSX509CertDup(cert);
- if(ctx->keyCert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecGnuTLSX509CertDup",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- keyValue = xmlSecGnuTLSX509CertGetKey(ctx->keyCert);
- if(keyValue == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecGnuTLSX509CertGetKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- /* verify that the key matches our expectations */
- if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecKeyReqMatchKeyValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDataDestroy(keyValue);
- return(-1);
- }
-
- ret = xmlSecKeySetValue(key, keyValue);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "xmlSecKeySetValue",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlSecKeyDataDestroy(keyValue);
- return(-1);
- }
-
- /* get expiration time */
- key->notValidBefore = gnutls_x509_crt_get_activation_time(ctx->keyCert);
- if(key->notValidBefore == (time_t)-1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "gnutls_x509_crt_get_activation_time",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- key->notValidAfter = gnutls_x509_crt_get_expiration_time(ctx->keyCert);
- if(key->notValidAfter == (time_t)-1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- "gnutls_x509_crt_get_expiration_time",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_INVALID_CERT) != 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)),
- NULL,
- XMLSEC_ERRORS_R_CERT_NOT_FOUND,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
- return(0);
-}
-
-/**
- * xmlSecGnuTLSX509CertGetKey:
- * @cert: the certificate.
- *
- * Extracts public key from the @cert.
- *
- * Returns: public key value or NULL if an error occurs.
- */
-xmlSecKeyDataPtr
-xmlSecGnuTLSX509CertGetKey(gnutls_x509_crt_t cert) {
- xmlSecKeyDataPtr data;
- int alg;
- unsigned int bits;
- int err;
- int ret;
-
- xmlSecAssert2(cert != NULL, NULL);
-
- alg = gnutls_x509_crt_get_pk_algorithm(cert, &bits);
- if(alg < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_x509_crt_get_pk_algorithm",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_REPORT_ERROR(alg));
- return(NULL);
- }
-
- switch(alg) {
-#ifndef XMLSEC_NO_RSA
- case GNUTLS_PK_RSA:
- {
- gnutls_datum_t m, e;
-
- data = xmlSecKeyDataCreate(xmlSecGnuTLSKeyDataRsaId);
- if(data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyDataCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "xmlSecGnuTLSKeyDataRsaId");
- return(NULL);
- }
-
- err = gnutls_x509_crt_get_pk_rsa_raw(cert, &m, &e);
- if(err != GNUTLS_E_SUCCESS) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_x509_crt_get_pk_rsa_raw",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_REPORT_ERROR(err));
- return(NULL);
- }
-
- ret = xmlSecGnuTLSKeyDataRsaAdoptPublicKey(data, &m, &e);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSKeyDataRsaAdoptPublicKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- gnutls_free(m.data);
- gnutls_free(e.data);
- return(NULL);
- }
- /* m and e are owned by data now */
- }
- break;
-#endif /* XMLSEC_NO_RSA */
-
-#ifndef XMLSEC_NO_DSA
- case GNUTLS_PK_DSA:
- {
- gnutls_datum_t p, q, g, y;
-
- data = xmlSecKeyDataCreate(xmlSecGnuTLSKeyDataDsaId);
- if(data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyDataCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "xmlSecGnuTLSKeyDataDsaId");
- return(NULL);
- }
-
- err = gnutls_x509_crt_get_pk_dsa_raw(cert, &p, &q, &g, &y);
- if(err != GNUTLS_E_SUCCESS) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_x509_crt_get_pk_dsa_raw",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_REPORT_ERROR(err));
- return(NULL);
- }
-
- ret = xmlSecGnuTLSKeyDataDsaAdoptPublicKey(data, &p, &q, &g, &y);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSKeyDataDsaAdoptPublicKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- gnutls_free(p.data);
- gnutls_free(q.data);
- gnutls_free(g.data);
- gnutls_free(y.data);
- return(NULL);
- }
- /* p, q, g and y are owned by data now */
- }
- break;
-#endif /* XMLSEC_NO_DSA */
-
- default:
- {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_x509_crt_get_pk_algorithm",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "Unsupported algorithm %d", (int)alg);
- return(NULL);
- }
- }
-
- /* data */
- return(data);
-}
-
-
-/**************************************************************************
- *
- * Raw X509 Certificate processing
- *
- *
- *************************************************************************/
-static int xmlSecGnuTLSKeyDataRawX509CertBinRead (xmlSecKeyDataId id,
- xmlSecKeyPtr key,
- const xmlSecByte* buf,
- xmlSecSize bufSize,
- xmlSecKeyInfoCtxPtr keyInfoCtx);
-
-static xmlSecKeyDataKlass xmlSecGnuTLSKeyDataRawX509CertKlass = {
- sizeof(xmlSecKeyDataKlass),
- sizeof(xmlSecKeyData),
-
- /* data */
- xmlSecNameRawX509Cert,
- xmlSecKeyDataUsageRetrievalMethodNodeBin,
- /* xmlSecKeyDataUsage usage; */
- xmlSecHrefRawX509Cert, /* const xmlChar* href; */
- NULL, /* const xmlChar* dataNodeName; */
- xmlSecDSigNs, /* const xmlChar* dataNodeNs; */
-
- /* constructors/destructor */
- NULL, /* xmlSecKeyDataInitializeMethod initialize; */
- NULL, /* xmlSecKeyDataDuplicateMethod duplicate; */
- NULL, /* xmlSecKeyDataFinalizeMethod finalize; */
- NULL, /* xmlSecKeyDataGenerateMethod generate; */
-
- /* get info */
- NULL, /* xmlSecKeyDataGetTypeMethod getType; */
- NULL, /* xmlSecKeyDataGetSizeMethod getSize; */
- NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */
-
- /* read/write */
- NULL, /* xmlSecKeyDataXmlReadMethod xmlRead; */
- NULL, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */
- xmlSecGnuTLSKeyDataRawX509CertBinRead, /* xmlSecKeyDataBinReadMethod binRead; */
- NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */
-
- /* debug */
- NULL, /* xmlSecKeyDataDebugDumpMethod debugDump; */
- NULL, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */
-
- /* reserved for the future */
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-
-/**
- * xmlSecGnuTLSKeyDataRawX509CertGetKlass:
- *
- * The raw X509 certificates key data klass.
- *
- * Returns: raw X509 certificates key data klass.
- */
-xmlSecKeyDataId
-xmlSecGnuTLSKeyDataRawX509CertGetKlass(void) {
- return(&xmlSecGnuTLSKeyDataRawX509CertKlass);
-}
-
-static int
-xmlSecGnuTLSKeyDataRawX509CertBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key,
- const xmlSecByte* buf, xmlSecSize bufSize,
- xmlSecKeyInfoCtxPtr keyInfoCtx) {
- xmlSecKeyDataPtr data;
- gnutls_x509_crt_t cert;
- int ret;
-
- xmlSecAssert2(id == xmlSecGnuTLSKeyDataRawX509CertId, -1);
- xmlSecAssert2(key != NULL, -1);
- xmlSecAssert2(buf != NULL, -1);
- xmlSecAssert2(bufSize > 0, -1);
- xmlSecAssert2(keyInfoCtx != NULL, -1);
-
- cert = xmlSecGnuTLSX509CertRead(buf, bufSize, xmlSecKeyDataFormatCertDer);
- if(cert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSX509CertRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- data = xmlSecKeyEnsureData(key, xmlSecGnuTLSKeyDataX509Id);
- if(data == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecKeyEnsureData",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- gnutls_x509_crt_deinit(cert);
- return(-1);
- }
-
- ret = xmlSecGnuTLSKeyDataX509AdoptCert(data, cert);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecGnuTLSKeyDataX509AdoptCert",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- gnutls_x509_crt_deinit(cert);
- return(-1);
- }
-
- ret = xmlSecGnuTLSKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)),
- "xmlSecGnuTLSKeyDataX509VerifyAndExtractKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- return(0);
-}
-
-#endif /* XMLSEC_NO_X509 */
diff --git a/src/gnutls/x509utils.c b/src/gnutls/x509utils.c
deleted file mode 100644
index 0dc70003..00000000
--- a/src/gnutls/x509utils.c
+++ /dev/null
@@ -1,1687 +0,0 @@
-/**
- * XMLSec library
- *
- * X509 support
- *
- *
- * This is free software; see Copyright file in the source
- * distribution for preciese wording.
- *
- * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com>
- */
-#include "globals.h"
-
-#ifndef XMLSEC_NO_X509
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <ctype.h>
-#include <errno.h>
-#include <time.h>
-
-#include <libxml/tree.h>
-
-
-
-#include <gnutls/gnutls.h>
-#include <gnutls/x509.h>
-#include <gnutls/pkcs12.h>
-
-#include <xmlsec/xmlsec.h>
-#include <xmlsec/xmltree.h>
-#include <xmlsec/keys.h>
-#include <xmlsec/keyinfo.h>
-#include <xmlsec/keysmngr.h>
-#include <xmlsec/x509.h>
-#include <xmlsec/base64.h>
-#include <xmlsec/errors.h>
-#include <xmlsec/private.h>
-
-#include <xmlsec/gnutls/crypto.h>
-#include <xmlsec/gnutls/x509.h>
-
-#include "x509utils.h"
-
-
-/**************************************************************************
- *
- * X509 crt list
- *
- *****************************************************************************/
-static xmlSecPtr xmlSecGnuTLSX509CrtListDuplicateItem (xmlSecPtr ptr);
-static void xmlSecGnuTLSX509CrtListDestroyItem (xmlSecPtr ptr);
-static void xmlSecGnuTLSX509CrtListDebugDumpItem (xmlSecPtr ptr,
- FILE* output);
-static void xmlSecGnuTLSX509CrtListDebugXmlDumpItem (xmlSecPtr ptr,
- FILE* output);
-
-static xmlSecPtrListKlass xmlSecGnuTLSX509CrtListKlass = {
- BAD_CAST "gnutls-x509-crt-list",
- xmlSecGnuTLSX509CrtListDuplicateItem, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
- xmlSecGnuTLSX509CrtListDestroyItem, /* xmlSecPtrDestroyItemMethod destroyItem; */
- xmlSecGnuTLSX509CrtListDebugDumpItem, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
- xmlSecGnuTLSX509CrtListDebugXmlDumpItem, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
-};
-
-xmlSecPtrListId
-xmlSecGnuTLSX509CrtListGetKlass(void) {
- return(&xmlSecGnuTLSX509CrtListKlass);
-}
-
-static xmlSecPtr
-xmlSecGnuTLSX509CrtListDuplicateItem(xmlSecPtr ptr) {
- xmlSecAssert2(ptr != NULL, NULL);
-
- return xmlSecGnuTLSX509CertDup((gnutls_x509_crt_t)ptr);
-}
-
-static void
-xmlSecGnuTLSX509CrtListDestroyItem(xmlSecPtr ptr) {
- xmlSecAssert(ptr != NULL);
-
- gnutls_x509_crt_deinit((gnutls_x509_crt_t)ptr);
-}
-
-static void
-xmlSecGnuTLSX509CrtListDebugDumpItem(xmlSecPtr ptr, FILE* output) {
- xmlSecAssert(ptr != NULL);
- xmlSecAssert(output != NULL);
-
- xmlSecGnuTLSX509CertDebugDump((gnutls_x509_crt_t)ptr, output);
-}
-
-
-static void
-xmlSecGnuTLSX509CrtListDebugXmlDumpItem(xmlSecPtr ptr, FILE* output) {
- xmlSecAssert(ptr != NULL);
- xmlSecAssert(output != NULL);
-
- xmlSecGnuTLSX509CertDebugXmlDump((gnutls_x509_crt_t)ptr, output);
-}
-
-/**************************************************************************
- *
- * X509 crl list
- *
- *****************************************************************************/
-static xmlSecPtr xmlSecGnuTLSX509CrlListDuplicateItem (xmlSecPtr ptr);
-static void xmlSecGnuTLSX509CrlListDestroyItem (xmlSecPtr ptr);
-static void xmlSecGnuTLSX509CrlListDebugDumpItem (xmlSecPtr ptr,
- FILE* output);
-static void xmlSecGnuTLSX509CrlListDebugXmlDumpItem (xmlSecPtr ptr,
- FILE* output);
-
-static xmlSecPtrListKlass xmlSecGnuTLSX509CrlListKlass = {
- BAD_CAST "gnutls-x509-crl-list",
- xmlSecGnuTLSX509CrlListDuplicateItem, /* xmlSecPtrDuplicateItemMethod duplicateItem; */
- xmlSecGnuTLSX509CrlListDestroyItem, /* xmlSecPtrDestroyItemMethod destroyItem; */
- xmlSecGnuTLSX509CrlListDebugDumpItem, /* xmlSecPtrDebugDumpItemMethod debugDumpItem; */
- xmlSecGnuTLSX509CrlListDebugXmlDumpItem, /* xmlSecPtrDebugDumpItemMethod debugXmlDumpItem; */
-};
-
-xmlSecPtrListId
-xmlSecGnuTLSX509CrlListGetKlass(void) {
- return(&xmlSecGnuTLSX509CrlListKlass);
-}
-
-static xmlSecPtr
-xmlSecGnuTLSX509CrlListDuplicateItem(xmlSecPtr ptr) {
- xmlSecAssert2(ptr != NULL, NULL);
-
- return xmlSecGnuTLSX509CrlDup((gnutls_x509_crl_t)ptr);
-}
-
-static void
-xmlSecGnuTLSX509CrlListDestroyItem(xmlSecPtr ptr) {
- xmlSecAssert(ptr != NULL);
-
- gnutls_x509_crl_deinit((gnutls_x509_crl_t)ptr);
-}
-
-static void
-xmlSecGnuTLSX509CrlListDebugDumpItem(xmlSecPtr ptr, FILE* output) {
- xmlSecAssert(ptr != NULL);
- xmlSecAssert(output != NULL);
-
- xmlSecGnuTLSX509CrlDebugDump((gnutls_x509_crl_t)ptr, output);
-}
-
-
-static void
-xmlSecGnuTLSX509CrlListDebugXmlDumpItem(xmlSecPtr ptr, FILE* output) {
- xmlSecAssert(ptr != NULL);
- xmlSecAssert(output != NULL);
-
- xmlSecGnuTLSX509CrlDebugXmlDump((gnutls_x509_crl_t)ptr, output);
-}
-
-/*************************************************************************
- *
- * x509 certs utils/helpers
- *
- ************************************************************************/
-
-/* HACK: gnutls doesn't have cert duplicate function, so we simply
- write cert out and then read it back */
-gnutls_x509_crt_t
-xmlSecGnuTLSX509CertDup(gnutls_x509_crt_t src) {
- xmlChar * buf = NULL;
- gnutls_x509_crt_t res = NULL;
-
- xmlSecAssert2(src != NULL, NULL);
-
- buf = xmlSecGnuTLSX509CertBase64DerWrite(src, 0);
- if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSX509CertBase64DerWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return (NULL);
- }
-
- res = xmlSecGnuTLSX509CertBase64DerRead(buf);
- if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSX509CertBase64DerRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(buf);
- return (NULL);
- }
-
- /* done */
- xmlFree(buf);
- return (res);
-}
-
-xmlChar *
-xmlSecGnuTLSX509CertGetSubjectDN(gnutls_x509_crt_t cert) {
- char* buf = NULL;
- size_t bufSize = 0;
- int err;
-
- xmlSecAssert2(cert != NULL, NULL);
-
- /* get subject size */
- err = gnutls_x509_crt_get_dn(cert, NULL, &bufSize);
- if((err != GNUTLS_E_SHORT_MEMORY_BUFFER) || (bufSize <= 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_x509_crt_get_dn",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_REPORT_ERROR(err));
- return(NULL);
- }
-
- /* allocate buffer */
- buf = (char *)xmlMalloc(bufSize + 1);
- if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlMalloc",
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "size=%d", (int)bufSize);
- return(NULL);
- }
-
- /* finally write it out */
- err = gnutls_x509_crt_get_dn(cert, buf, &bufSize);
- if(err != GNUTLS_E_SUCCESS) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_x509_crt_get_dn",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_REPORT_ERROR(err));
- xmlFree(buf);
- return(NULL);
- }
-
- /* done */
- return(BAD_CAST buf);
-}
-
-xmlChar *
-xmlSecGnuTLSX509CertGetIssuerDN(gnutls_x509_crt_t cert) {
- char* buf = NULL;
- size_t bufSize = 0;
- int err;
-
- xmlSecAssert2(cert != NULL, NULL);
-
- /* get issuer size */
- err = gnutls_x509_crt_get_issuer_dn(cert, NULL, &bufSize);
- if((err != GNUTLS_E_SHORT_MEMORY_BUFFER) || (bufSize <= 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_x509_crt_get_issuer_dn",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_REPORT_ERROR(err));
- return(NULL);
- }
-
- /* allocate buffer */
- buf = (char *)xmlMalloc(bufSize + 1);
- if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlMalloc",
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "size=%d", (int)bufSize);
- return(NULL);
- }
-
- /* finally write it out */
- err = gnutls_x509_crt_get_issuer_dn(cert, buf, &bufSize);
- if(err != GNUTLS_E_SUCCESS) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_x509_crt_get_issuer_dn",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_REPORT_ERROR(err));
- xmlFree(buf);
- return(NULL);
- }
-
- /* done */
- return(BAD_CAST buf);
-}
-
-xmlChar *
-xmlSecGnuTLSX509CertGetIssuerSerial(gnutls_x509_crt_t cert) {
- xmlChar * res = NULL;
- unsigned char* buf = NULL;
- size_t bufSize = 0;
- int err;
-
- xmlSecAssert2(cert != NULL, NULL);
-
- /* get issuer serial size */
- err = gnutls_x509_crt_get_serial(cert, NULL, &bufSize);
- if((err != GNUTLS_E_SHORT_MEMORY_BUFFER) || (bufSize <= 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_x509_crt_get_serial",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_REPORT_ERROR(err));
- return(NULL);
- }
-
- /* allocate buffer */
- buf = (unsigned char *)xmlMalloc(bufSize + 1);
- if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlMalloc",
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "size=%d", (int)bufSize);
- return(NULL);
- }
-
- /* write it out */
- err = gnutls_x509_crt_get_serial(cert, buf, &bufSize);
- if(err != GNUTLS_E_SUCCESS) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_x509_crt_get_serial",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_REPORT_ERROR(err));
- xmlFree(buf);
- return(NULL);
- }
-
- /* convert to string */
- res = xmlSecGnuTLSASN1IntegerWrite(buf, bufSize);
- if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSASN1IntegerWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(buf);
- return(NULL);
- }
-
- /* done */
- xmlFree(buf);
- return(res);
-}
-
-xmlChar *
-xmlSecGnuTLSX509CertGetSKI(gnutls_x509_crt_t cert) {
- xmlChar * res = NULL;
- xmlSecByte* buf = NULL;
- size_t bufSize = 0;
- unsigned int critical = 0;
- int err;
-
- xmlSecAssert2(cert != NULL, NULL);
-
- /* get ski size */
- err = gnutls_x509_crt_get_subject_key_id(cert, NULL, &bufSize, &critical);
- if((err != GNUTLS_E_SHORT_MEMORY_BUFFER) || (bufSize <= 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_x509_crt_get_subject_key_id",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_REPORT_ERROR(err));
- return(NULL);
- }
-
- /* allocate buffer */
- buf = (xmlSecByte *)xmlMalloc(bufSize + 1);
- if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlMalloc",
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "size=%d", (int)bufSize);
- return(NULL);
- }
-
- /* write it out */
- err = gnutls_x509_crt_get_subject_key_id(cert, buf, &bufSize, &critical);
- if(err != GNUTLS_E_SUCCESS) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_x509_crt_get_subject_key_id",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_REPORT_ERROR(err));
- xmlFree(buf);
- return(NULL);
- }
-
- /* convert to string */
- res = xmlSecBase64Encode(buf, bufSize, 0);
- if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBase64Encode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(buf);
- return(NULL);
- }
-
- /* done */
- xmlFree(buf);
- return(res);
-}
-
-
-gnutls_x509_crt_t
-xmlSecGnuTLSX509CertBase64DerRead(xmlChar* buf) {
- int ret;
-
- xmlSecAssert2(buf != NULL, NULL);
-
- /* usual trick with base64 decoding "in-place" */
- ret = xmlSecBase64Decode(buf, (xmlSecByte*)buf, xmlStrlen(buf));
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBase64Decode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
-
- return(xmlSecGnuTLSX509CertRead((const xmlSecByte*)buf, ret, xmlSecKeyDataFormatCertDer));
-}
-
-gnutls_x509_crt_t
-xmlSecGnuTLSX509CertRead(const xmlSecByte* buf, xmlSecSize size, xmlSecKeyDataFormat format) {
- gnutls_x509_crt_t cert = NULL;
- gnutls_x509_crt_fmt_t fmt;
- gnutls_datum_t data;
- int err;
-
- xmlSecAssert2(buf != NULL, NULL);
- xmlSecAssert2(size > 0, NULL);
-
- /* figure out format */
- switch(format) {
- case xmlSecKeyDataFormatPem:
- case xmlSecKeyDataFormatCertPem:
- fmt = GNUTLS_X509_FMT_PEM;
- break;
- case xmlSecKeyDataFormatDer:
- case xmlSecKeyDataFormatCertDer:
- fmt = GNUTLS_X509_FMT_DER;
- break;
- default:
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_FORMAT,
- "format=%d", format);
- return(NULL);
- }
-
- /* read cert */
- err = gnutls_x509_crt_init(&cert);
- if(err != GNUTLS_E_SUCCESS) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_x509_crt_init",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_REPORT_ERROR(err));
- return(NULL);
- }
-
- data.data = (unsigned char*)buf;
- data.size = size;
- err = gnutls_x509_crt_import(cert, &data, fmt);
- if(err != GNUTLS_E_SUCCESS) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_x509_crt_import",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_REPORT_ERROR(err));
- gnutls_x509_crt_deinit(cert);
- return(NULL);
- }
-
- return(cert);
-}
-
-xmlChar*
-xmlSecGnuTLSX509CertBase64DerWrite(gnutls_x509_crt_t cert, int base64LineWrap) {
- xmlChar * res = NULL;
- xmlSecByte* buf = NULL;
- size_t bufSize = 0;
- int err;
-
- xmlSecAssert2(cert != NULL, NULL);
-
- /* get size */
- err = gnutls_x509_crt_export(cert, GNUTLS_X509_FMT_DER, NULL, &bufSize);
- if((err != GNUTLS_E_SHORT_MEMORY_BUFFER) || (bufSize <= 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_x509_crt_export(GNUTLS_X509_FMT_DER)",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_REPORT_ERROR(err));
- return(NULL);
- }
-
- /* allocate buffer */
- buf = (xmlSecByte *)xmlMalloc(bufSize + 1);
- if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlMalloc",
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "size=%d", (int)bufSize);
- return(NULL);
- }
-
- /* write it out */
- err = gnutls_x509_crt_export(cert, GNUTLS_X509_FMT_DER, buf, &bufSize);
- if(err != GNUTLS_E_SUCCESS) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_x509_crt_export(GNUTLS_X509_FMT_DER)",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_REPORT_ERROR(err));
- xmlFree(buf);
- return(NULL);
- }
-
- /* convert to string */
- res = xmlSecBase64Encode(buf, bufSize, base64LineWrap);
- if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBase64Encode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(buf);
- return(NULL);
- }
-
- /* done */
- xmlFree(buf);
- return(res);
-}
-
-void
-xmlSecGnuTLSX509CertDebugDump(gnutls_x509_crt_t cert, FILE* output) {
- xmlChar * buf;
-
- xmlSecAssert(cert != NULL);
- xmlSecAssert(output != NULL);
-
- buf = xmlSecGnuTLSX509CertGetSubjectDN(cert);
- if(buf != NULL) {
- fprintf(output, "==== Subject Name: %s\n", buf);
- xmlFree(buf);
- } else {
- fprintf(output, "==== Subject Name: unknown\n");
- }
-
- buf = xmlSecGnuTLSX509CertGetIssuerDN(cert);
- if(buf != NULL) {
- fprintf(output, "==== Issuer Name: %s\n", buf);
- xmlFree(buf);
- } else {
- fprintf(output, "==== Issuer Name: unknown\n");
- }
-
- buf = xmlSecGnuTLSX509CertGetIssuerSerial(cert);
- if(buf != NULL) {
- fprintf(output, "==== Issuer Serial: %s\n", buf);
- xmlFree(buf);
- } else {
- fprintf(output, "==== Issuer Serial: unknown\n");
- }
-}
-
-void
-xmlSecGnuTLSX509CertDebugXmlDump(gnutls_x509_crt_t cert, FILE* output) {
- xmlChar * buf;
-
- xmlSecAssert(cert != NULL);
- xmlSecAssert(output != NULL);
-
- buf = xmlSecGnuTLSX509CertGetSubjectDN(cert);
- if(buf != NULL) {
- fprintf(output, "<SubjectName>%s</SubjectName>\n", buf);
- xmlFree(buf);
- } else {
- fprintf(output, "<SubjectName>unknown</SubjectName>\n");
- }
-
- buf = xmlSecGnuTLSX509CertGetIssuerDN(cert);
- if(buf != NULL) {
- fprintf(output, "<IssuerName>%s</IssuerName>\n", buf);
- xmlFree(buf);
- } else {
- fprintf(output, "<IssuerName>unknown</IssuerName>\n");
- }
-
- buf = xmlSecGnuTLSX509CertGetIssuerSerial(cert);
- if(buf != NULL) {
- fprintf(output, "<SerialNumber>%s</SerialNumber>\n", buf);
- xmlFree(buf);
- } else {
- fprintf(output, "<SerialNumber>unknown</SerialNumber>\n");
- }
-}
-
-/*************************************************************************
- *
- * x509 crls utils/helpers
- *
- ************************************************************************/
-
-/* HACK: gnutls doesn't have crl duplicate function, so we simply
- write crl out and then read it back */
-gnutls_x509_crl_t
-xmlSecGnuTLSX509CrlDup(gnutls_x509_crl_t src) {
- xmlChar * buf = NULL;
- gnutls_x509_crl_t res = NULL;
-
- xmlSecAssert2(src != NULL, NULL);
-
- buf = xmlSecGnuTLSX509CrlBase64DerWrite(src, 0);
- if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSX509CrlBase64DerWrite",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return (NULL);
- }
-
- res = xmlSecGnuTLSX509CrlBase64DerRead(buf);
- if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSX509CrlBase64DerRead",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(buf);
- return (NULL);
- }
-
- /* done */
- xmlFree(buf);
- return (res);
-}
-
-xmlChar *
-xmlSecGnuTLSX509CrlGetIssuerDN(gnutls_x509_crl_t crl) {
- char* buf = NULL;
- size_t bufSize = 0;
- int err;
-
- xmlSecAssert2(crl != NULL, NULL);
-
- /* get issuer size */
- err = gnutls_x509_crl_get_issuer_dn(crl, NULL, &bufSize);
- if((err != GNUTLS_E_SHORT_MEMORY_BUFFER) || (bufSize <= 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_x509_crl_get_issuer_dn",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_REPORT_ERROR(err));
- return(NULL);
- }
-
- /* allocate buffer */
- buf = (char *)xmlMalloc(bufSize + 1);
- if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlMalloc",
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "size=%d", (int)bufSize);
- return(NULL);
- }
-
- /* finally write it out */
- err = gnutls_x509_crl_get_issuer_dn(crl, buf, &bufSize);
- if(err != GNUTLS_E_SUCCESS) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_x509_crl_get_issuer_dn",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_REPORT_ERROR(err));
- xmlFree(buf);
- return(NULL);
- }
-
- /* done */
- return(BAD_CAST buf);
-}
-
-gnutls_x509_crl_t
-xmlSecGnuTLSX509CrlBase64DerRead(xmlChar* buf) {
- int ret;
-
- xmlSecAssert2(buf != NULL, NULL);
-
- /* usual trick with base64 decoding "in-place" */
- ret = xmlSecBase64Decode(buf, (xmlSecByte*)buf, xmlStrlen(buf));
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBase64Decode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(NULL);
- }
-
- return(xmlSecGnuTLSX509CrlRead((const xmlSecByte*)buf, ret, xmlSecKeyDataFormatCertDer));
-}
-
-gnutls_x509_crl_t
-xmlSecGnuTLSX509CrlRead(const xmlSecByte* buf, xmlSecSize size, xmlSecKeyDataFormat format) {
- gnutls_x509_crl_t crl = NULL;
- gnutls_x509_crt_fmt_t fmt;
- gnutls_datum_t data;
- int err;
-
- xmlSecAssert2(buf != NULL, NULL);
- xmlSecAssert2(size > 0, NULL);
-
- /* figure out format */
- switch(format) {
- case xmlSecKeyDataFormatPem:
- case xmlSecKeyDataFormatCertPem:
- fmt = GNUTLS_X509_FMT_PEM;
- break;
- case xmlSecKeyDataFormatDer:
- case xmlSecKeyDataFormatCertDer:
- fmt = GNUTLS_X509_FMT_DER;
- break;
- default:
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_INVALID_FORMAT,
- "format=%d", format);
- return(NULL);
- }
-
- /* read crl */
- err = gnutls_x509_crl_init(&crl);
- if(err != GNUTLS_E_SUCCESS) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_x509_crl_init",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_REPORT_ERROR(err));
- return(NULL);
- }
-
- data.data = (unsigned char*)buf;
- data.size = size;
- err = gnutls_x509_crl_import(crl, &data, fmt);
- if(err != GNUTLS_E_SUCCESS) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_x509_crl_import",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_REPORT_ERROR(err));
- gnutls_x509_crl_deinit(crl);
- return(NULL);
- }
-
- return(crl);
-}
-
-xmlChar*
-xmlSecGnuTLSX509CrlBase64DerWrite(gnutls_x509_crl_t crl, int base64LineWrap) {
- xmlChar * res = NULL;
- xmlSecByte* buf = NULL;
- size_t bufSize = 0;
- int err;
-
- xmlSecAssert2(crl != NULL, NULL);
-
- /* get size */
- err = gnutls_x509_crl_export(crl, GNUTLS_X509_FMT_DER, NULL, &bufSize);
- if((err != GNUTLS_E_SHORT_MEMORY_BUFFER) || (bufSize <= 0)) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_x509_crl_export(GNUTLS_X509_FMT_DER)",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_REPORT_ERROR(err));
- return(NULL);
- }
-
- /* allocate buffer */
- buf = (xmlSecByte *)xmlMalloc(bufSize + 1);
- if(buf == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlMalloc",
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "size=%d", (int)bufSize);
- return(NULL);
- }
-
- /* write it out */
- err = gnutls_x509_crl_export(crl, GNUTLS_X509_FMT_DER, buf, &bufSize);
- if(err != GNUTLS_E_SUCCESS) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_x509_crl_export(GNUTLS_X509_FMT_DER)",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_REPORT_ERROR(err));
- xmlFree(buf);
- return(NULL);
- }
-
- /* convert to string */
- res = xmlSecBase64Encode(buf, bufSize, base64LineWrap);
- if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecBase64Encode",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- xmlFree(buf);
- return(NULL);
- }
-
- /* done */
- xmlFree(buf);
- return(res);
-}
-
-void
-xmlSecGnuTLSX509CrlDebugDump(gnutls_x509_crl_t crl, FILE* output) {
- xmlChar * buf;
-
- xmlSecAssert(crl != NULL);
- xmlSecAssert(output != NULL);
-
- buf = xmlSecGnuTLSX509CrlGetIssuerDN(crl);
- if(buf != NULL) {
- fprintf(output, "==== Issuer Name: %s\n", buf);
- xmlFree(buf);
- } else {
- fprintf(output, "==== Issuer Name: unknown\n");
- }
-}
-
-void
-xmlSecGnuTLSX509CrlDebugXmlDump(gnutls_x509_crl_t crl, FILE* output) {
- xmlChar * buf;
-
- xmlSecAssert(crl != NULL);
- xmlSecAssert(output != NULL);
-
- buf = xmlSecGnuTLSX509CrlGetIssuerDN(crl);
- if(buf != NULL) {
- fprintf(output, "<IssuerName>%s</IssuerName>\n", buf);
- xmlFree(buf);
- } else {
- fprintf(output, "<IssuerName>unknown</IssuerName>\n");
- }
-}
-
-/*************************************************************************
- *
- * Misc. utils/helpers
- *
- ************************************************************************/
-xmlChar*
-xmlSecGnuTLSASN1IntegerWrite(const unsigned char * data, size_t len) {
- xmlChar *res = NULL;
- int resLen = 64; /* not more than 64 chars */
- unsigned long long int val = 0;
- size_t ii = 0;
- int shift = 0;
-
- xmlSecAssert2(data != NULL, NULL);
- xmlSecAssert2(len <= 9, NULL);
-
- /* HACK : to be fixed after GnuTLS provides a way to read opaque ASN1 integer */
- for(ii = len; ii > 0; --ii, shift += 8) {
- val |= ((unsigned long long)data[ii - 1]) << shift;
- }
-
- res = (xmlChar*)xmlMalloc(resLen + 1);
- if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlMalloc",
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "size=%d", (int)resLen);
- return (NULL);
- }
-
- xmlSecStrPrintf(res, resLen, BAD_CAST "%llu", val);
- return(res);
-}
-
-/*************************************************************************
- *
- * pkcs12 utils/helpers
- *
- ************************************************************************/
-int
-xmlSecGnuTLSPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize,
- const char *pwd,
- gnutls_x509_privkey_t * priv_key,
- gnutls_x509_crt_t * key_cert,
- xmlSecPtrListPtr certsList)
-{
- gnutls_pkcs12_t pkcs12 = NULL;
- gnutls_pkcs12_bag_t bag = NULL;
- gnutls_x509_crt_t cert = NULL;
- gnutls_datum_t datum;
- xmlSecSize certsSize;
- int res = -1;
- int idx;
- int err;
- int ret;
-
- xmlSecAssert2(data != NULL, -1);
- xmlSecAssert2(dataSize > 0, -1);
- xmlSecAssert2(priv_key != NULL, -1);
- xmlSecAssert2((*priv_key) == NULL, -1);
- xmlSecAssert2(key_cert!= NULL, -1);
- xmlSecAssert2((*key_cert) == NULL, -1);
- xmlSecAssert2(certsList != NULL, -1);
-
- /* read pkcs12 in internal structure */
- err = gnutls_pkcs12_init(&pkcs12);
- if(err != GNUTLS_E_SUCCESS) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_pkcs12_init",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_REPORT_ERROR(err));
- goto done;
- }
-
- datum.data = (unsigned char *)data;
- datum.size = dataSize;
- err = gnutls_pkcs12_import(pkcs12, &datum, GNUTLS_X509_FMT_DER, 0);
- if(err != GNUTLS_E_SUCCESS) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_pkcs12_import",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_REPORT_ERROR(err));
- goto done;
- }
-
- /* verify */
- err = gnutls_pkcs12_verify_mac(pkcs12, pwd);
- if(err != GNUTLS_E_SUCCESS) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_pkcs12_verify_mac",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_REPORT_ERROR(err));
- goto done;
- }
-
- /* scan the pkcs structure and find the first private key */
- for(idx = 0; ; ++idx) {
- int bag_type;
- int elements_in_bag;
- int ii;
-
- err = gnutls_pkcs12_bag_init(&bag);
- if(err != GNUTLS_E_SUCCESS) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_pkcs12_bag_init",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_REPORT_ERROR(err));
- goto done;
- }
-
- err = gnutls_pkcs12_get_bag(pkcs12, idx, bag);
- if(err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
- /* scanned the whole pkcs12, stop */
- break;
- } else if(err != GNUTLS_E_SUCCESS) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_pkcs12_get_bag",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_REPORT_ERROR(err));
- goto done;
- }
-
- /* check if we need to decrypt the bag */
- bag_type = gnutls_pkcs12_bag_get_type(bag, 0);
- if(bag_type < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_pkcs12_bag_get_type",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_REPORT_ERROR(bag_type));
- goto done;
- }
- if(bag_type == GNUTLS_BAG_ENCRYPTED) {
- err = gnutls_pkcs12_bag_decrypt(bag, pwd);
- if(err != GNUTLS_E_SUCCESS) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_pkcs12_bag_decrypt",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_REPORT_ERROR(err));
- goto done;
- }
- }
-
- /* scan elements in bag */
- elements_in_bag = gnutls_pkcs12_bag_get_count(bag);
- if(elements_in_bag < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_pkcs12_bag_get_count",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_REPORT_ERROR(bag_type));
- goto done;
- }
- for(ii = 0; ii < elements_in_bag; ++ii) {
- bag_type = gnutls_pkcs12_bag_get_type(bag, ii);
- if(bag_type < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_pkcs12_bag_get_type",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_REPORT_ERROR(bag_type));
- goto done;
- }
-
- err = gnutls_pkcs12_bag_get_data(bag, ii, &datum);
- if(err != GNUTLS_E_SUCCESS) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_pkcs12_bag_get_data",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_REPORT_ERROR(err));
- goto done;
- }
-
- switch(bag_type) {
- case GNUTLS_BAG_PKCS8_ENCRYPTED_KEY:
- case GNUTLS_BAG_PKCS8_KEY:
- /* we want only the first private key */
- if((*priv_key) == NULL) {
- err = gnutls_x509_privkey_init(priv_key);
- if(err != GNUTLS_E_SUCCESS) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_x509_privkey_init",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_REPORT_ERROR(err));
- goto done;
- }
-
- err = gnutls_x509_privkey_import_pkcs8((*priv_key),
- &datum, GNUTLS_X509_FMT_DER,
- pwd,
- (bag_type == GNUTLS_BAG_PKCS8_KEY) ? GNUTLS_PKCS_PLAIN : 0);
- if(err != GNUTLS_E_SUCCESS) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_x509_privkey_import_pkcs8",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_REPORT_ERROR(err));
- goto done;
- }
- }
- break;
- case GNUTLS_BAG_CERTIFICATE:
- err = gnutls_x509_crt_init(&cert);
- if(err != GNUTLS_E_SUCCESS) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_x509_crt_init",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_REPORT_ERROR(err));
- goto done;
- }
-
- err = gnutls_x509_crt_import(cert, &datum, GNUTLS_X509_FMT_DER);
- if(err != GNUTLS_E_SUCCESS) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_x509_crt_import",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_REPORT_ERROR(err));
- goto done;
- }
-
- ret = xmlSecPtrListAdd(certsList, cert);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListAdd(certsList)",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
- cert = NULL; /* owned by certsList now */
- break;
- default:
- /* ignore unknown bag element */
- break;
- }
- }
-
- /* done with bag */
- gnutls_pkcs12_bag_deinit(bag);
- bag = NULL;
- }
-
- /* check we have private key */
- if((*priv_key) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "Private key was not found in pkcs12 object");
- goto done;
- }
-
- /* we will search for key cert using the key id */
- certsSize = xmlSecPtrListGetSize(certsList);
- if(certsSize > 0) {
- size_t cert_id_size = 0;
- size_t key_id_size = 0;
- xmlSecByte cert_id[100];
- xmlSecByte key_id[100];
- xmlSecSize ii;
-
- key_id_size = sizeof(key_id);
- err = gnutls_x509_privkey_get_key_id((*priv_key), 0, key_id, &key_id_size);
- if(err != GNUTLS_E_SUCCESS) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_x509_privkey_get_key_id",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_REPORT_ERROR(err));
- goto done;
- }
- for(ii = 0; ii < certsSize; ++ii) {
- gnutls_x509_crt_t tmp;
-
- tmp = xmlSecPtrListGetItem(certsList, ii);
- if(tmp == NULL) {
- continue;
- }
-
- cert_id_size = sizeof(cert_id);
- err = gnutls_x509_crt_get_key_id(tmp, 0, cert_id, &cert_id_size);
- if(err != GNUTLS_E_SUCCESS) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_x509_crt_get_key_id",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_REPORT_ERROR(err));
- goto done;
- }
-
- /* if key ids match, then this is THE key cert!!! */
- if((key_id_size == cert_id_size) && (memcmp(key_id, cert_id, key_id_size) == 0)) {
- (*key_cert) = xmlSecGnuTLSX509CertDup(tmp);
- if((*key_cert) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSX509CertDup",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
-
- break;
- }
- }
-
- /* check we have key cert */
- if((*key_cert) == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "Certificate for the private key was not found in pkcs12 object");
- goto done;
- }
- }
-
-
- /* success!!! */
- res = 0;
-
-done:
- if(cert != NULL) {
- gnutls_x509_crt_deinit(cert);
- }
- if(bag != NULL) {
- gnutls_pkcs12_bag_deinit(bag);
- }
- if(pkcs12 != NULL) {
- gnutls_pkcs12_deinit(pkcs12);
- }
- return(res);
-}
-
-xmlSecKeyDataPtr
-xmlSecGnuTLSCreateKeyDataAndAdoptPrivKey(gnutls_x509_privkey_t priv_key) {
- xmlSecKeyDataPtr res = NULL;
- int key_alg;
- int ret;
-
- xmlSecAssert2(priv_key != NULL, NULL);
-
- /* create key value data */
- key_alg = gnutls_x509_privkey_get_pk_algorithm(priv_key);
- if(key_alg < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_x509_privkey_get_pk_algorithm",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_REPORT_ERROR(key_alg));
- return (NULL);
- }
- switch(key_alg) {
-#ifndef XMLSEC_NO_RSA
- case GNUTLS_PK_RSA:
- res = xmlSecKeyDataCreate(xmlSecGnuTLSKeyDataRsaId);
- if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyDataCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "xmlSecGnuTLSKeyDataRsaId");
- return(NULL);
- }
-
- ret = xmlSecGnuTLSKeyDataRsaAdoptPrivateKey(res, priv_key);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSKeyDataRsaAdoptPrivateKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "xmlSecGnuTLSKeyDataRsaId");
- xmlSecKeyDataDestroy(res);
- return(NULL);
- }
- break;
-#endif /* XMLSEC_NO_RSA */
-
-#ifndef XMLSEC_NO_DSA
- case GNUTLS_PK_DSA:
- res = xmlSecKeyDataCreate(xmlSecGnuTLSKeyDataDsaId);
- if(res == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecKeyDataCreate",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "xmlSecGnuTLSKeyDataDsaId");
- return(NULL);
- }
-
- ret = xmlSecGnuTLSKeyDataDsaAdoptPrivateKey(res, priv_key);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSKeyDataDsaAdoptPrivateKey",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "xmlSecGnuTLSKeyDataDsaId");
- xmlSecKeyDataDestroy(res);
- return(NULL);
- }
- break;
-#endif /* XMLSEC_NO_DSA */
- default:
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_x509_privkey_get_pk_algorithm",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "Unsupported algorithm %d", (int)key_alg);
- return(NULL);
- }
-
- /* done */
- return(res);
-}
-
-/*************************************************************************
- *
- * LDAP DN parser
- *
- ************************************************************************/
-void
-xmlSecGnuTLSDnAttrsInitialize(xmlSecGnuTLSDnAttr * attrs, xmlSecSize attrsSize) {
- xmlSecAssert(attrs != NULL);
- xmlSecAssert(attrsSize > 0);
-
- memset(attrs, 0, attrsSize * sizeof(xmlSecGnuTLSDnAttr));
-}
-
-void
-xmlSecGnuTLSDnAttrsDeinitialize(xmlSecGnuTLSDnAttr * attrs, xmlSecSize attrsSize) {
- xmlSecSize ii;
-
- xmlSecAssert(attrs != NULL);
- xmlSecAssert(attrsSize > 0);
-
- for(ii = 0; ii < attrsSize; ++ii) {
- if(attrs[ii].key != NULL) {
- xmlFree(attrs[ii].key);
- }
- if(attrs[ii].value != NULL) {
- xmlFree(attrs[ii].value);
- }
- }
- memset(attrs, 0, attrsSize * sizeof(xmlSecGnuTLSDnAttr));
-}
-
-const xmlSecGnuTLSDnAttr *
-xmlSecGnuTLSDnAttrrsFind(const xmlSecGnuTLSDnAttr * attrs,
- xmlSecSize attrsSize,
- const xmlChar * key)
-{
- xmlSecSize ii;
-
- xmlSecAssert2(attrs != NULL, NULL);
- xmlSecAssert2(attrsSize > 0, NULL);
- xmlSecAssert2(key != NULL, NULL);
-
- for(ii = 0; ii < attrsSize; ++ii) {
- /* simple case */
- if(xmlStrcasecmp(key, attrs[ii].key) == 0) {
- return(&(attrs[ii]));
- }
-
- /* special case for emailAddress (as usual) */
- if((xmlStrcasecmp(key, BAD_CAST "emailAddress") == 0) &&
- (xmlStrcasecmp(attrs[ii].key, BAD_CAST "email") == 0))
- {
- return(&(attrs[ii]));
- }
- if((xmlStrcasecmp(key, BAD_CAST "email") == 0) &&
- (xmlStrcasecmp(attrs[ii].key, BAD_CAST "emailAddress") == 0))
- {
- return(&(attrs[ii]));
- }
- }
-
- /* not found :( */
- return(NULL);
-}
-
-int
-xmlSecGnuTLSDnAttrsEqual(const xmlSecGnuTLSDnAttr * ll, xmlSecSize llSize,
- const xmlSecGnuTLSDnAttr * rr, xmlSecSize rrSize)
-{
- xmlSecSize llNum = 0;
- xmlSecSize rrNum = 0;
- const xmlSecGnuTLSDnAttr * tmp;
- xmlSecSize ii;
-
- xmlSecAssert2(ll != NULL, -1);
- xmlSecAssert2(llSize > 0, -1);
- xmlSecAssert2(rr != NULL, -1);
- xmlSecAssert2(rrSize > 0, -1);
-
- /* compare number of non-nullattributes */
- for(ii = 0; ii < llSize; ++ii) {
- if(ll[ii].key != NULL) {
- ++llNum;
- }
- }
- for(ii = 0; ii < rrSize; ++ii) {
- if(rr[ii].key != NULL) {
- ++rrNum;
- }
- }
- if(llNum != rrNum) {
- return(0);
- }
-
- /* make sure that all ll attrs are equal to rr attrs */
- for(ii = 0; ii < llSize; ++ii) {
- if(ll[ii].key == NULL) {
- continue;
- }
-
- tmp = xmlSecGnuTLSDnAttrrsFind(rr, rrSize, ll[ii].key);
- if(tmp == NULL) {
- return(0); /* attribute was not found */
- }
-
- if(!xmlStrEqual(ll[ii].value, tmp->value)) {
- return(0); /* different values */
- }
- }
-
- /* good!!! */
- return(1);
-}
-
-/*
-Distinguished name syntax
-
-The formal syntax for a Distinguished Name (DN) is based on RFC 2253.
-The Backus Naur Form (BNF) syntax is defined as follows:
-
- <name> ::= <name-component> ( <spaced-separator> )
- | <name-component> <spaced-separator> <name>
-
- <spaced-separator> ::= <optional-space>
- <separator>
- <optional-space>
-
- <separator> ::= "," | ";"
-
- <optional-space> ::= ( <CR> ) *( " " )
-
- <name-component> ::= <attribute>
- | <attribute> <optional-space> "+"
- <optional-space> <name-component>
-
- <attribute> ::= <string>
- | <key> <optional-space> "=" <optional-space> <string>
-
- <key> ::= 1*( <keychar> ) | "OID." <oid> | "oid." <oid>
- <keychar> ::= letters, numbers, and space
-
- <oid> ::= <digitstring> | <digitstring> "." <oid>
- <digitstring> ::= 1*<digit>
- <digit> ::= digits 0-9
-
- <string> ::= *( <stringchar> | <pair> )
- | '"' *( <stringchar> | <special> | <pair> ) '"'
- | "#" <hex>
-
-
- <special> ::= "," | "=" | <CR> | "+" | "<" | ">"
- | "#" | ";"
-
- <pair> ::= "\" ( <special> | "\" | '"')
- <stringchar> ::= any character except <special> or "\" or '"'
-
-
- <hex> ::= 2*<hexchar>
- <hexchar> ::= 0-9, a-f, A-F
-
-A semicolon (;) character can be used to separate RDNs in a distinguished name,
-although the comma (,) character is the typical notation.
-
-White-space characters (spaces) might be present on either side of the comma or
-semicolon. The white-space characters are ignored, and the semicolon is replaced
-with a comma.
-
-In addition, space (' ' ASCII 32) characters may be present either before or
-after a '+' or '='. These space characters are ignored when parsing.
-*/
-enum xmlSecGnuTLSDnParseState {
- xmlSecGnuTLSDnParseState_BeforeNameComponent = 0,
- xmlSecGnuTLSDnParseState_Key,
- xmlSecGnuTLSDnParseState_BeforeString,
- xmlSecGnuTLSDnParseState_String,
- xmlSecGnuTLSDnParseState_QuotedString,
- xmlSecGnuTLSDnParseState_AfterQuotedString
-};
-
-#define XMLSEC_GNUTLS_IS_SPACE(ch) \
- (((ch) == ' ') || ((ch) == '\n') || ((ch) == '\r'))
-
-int
-xmlSecGnuTLSDnAttrsParse(const xmlChar * dn,
- xmlSecGnuTLSDnAttr * attrs, xmlSecSize attrsSize)
-{
- xmlChar * tmp = NULL;
- xmlChar * p;
- xmlChar ch;
- enum xmlSecGnuTLSDnParseState state;
- int slash;
- xmlSecSize pos;
- int res = -1;
-
- xmlSecAssert2(dn != NULL, -1);
- xmlSecAssert2(attrs != NULL, -1);
- xmlSecAssert2(attrsSize > 0, -1);
-
- /* allocate buffer, we don't need more than string */
- tmp = (xmlChar *)xmlMalloc(xmlStrlen(dn) + 1);
- if(tmp == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlMalloc",
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "size=%d", (int)(xmlStrlen(dn) + 1));
- goto done;
- }
-
- /* state machine */
- state = xmlSecGnuTLSDnParseState_BeforeNameComponent;
- slash = 0;
- pos = 0;
- p = tmp;
- for(ch = (*dn); ; ch = *(++dn)) {
- switch(state) {
- case xmlSecGnuTLSDnParseState_BeforeNameComponent:
- if(!XMLSEC_GNUTLS_IS_SPACE(ch)) {
- *(p++) = ch; /* we are sure we have enough buffer */
- state = xmlSecGnuTLSDnParseState_Key;
- } else {
- /* just skip space */
- }
- break;
- case xmlSecGnuTLSDnParseState_Key:
- /* we don't support
- 1) <attribute><optional-space>"+"<optional-space><name-component>
- 2) <attribute> ::= <string>
- */
- if(ch != '=') {
- *(p++) = ch; /* we are sure we have enough buffer */
- } else {
- *(p) = '\0';
- /* remove spaces back */
- while((p > tmp) && (XMLSEC_GNUTLS_IS_SPACE(*(p - 1)))) {
- *(--p) = '\0';
- }
-
- /* insert into the attrs */
- if(pos >= attrsSize) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "Not enough space: size=%d", (int)attrsSize);
- goto done;
- }
- attrs[pos].key = xmlStrdup(tmp);
- if(attrs[pos].key == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlStrdup",
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "size=%d", (int)(xmlStrlen(tmp) + 1));
- goto done;
- }
-
- state = xmlSecGnuTLSDnParseState_BeforeString;
- p = tmp;
- }
- break;
- case xmlSecGnuTLSDnParseState_BeforeString:
- if(!XMLSEC_GNUTLS_IS_SPACE(ch)) {
- if(ch != '\"') {
- state = xmlSecGnuTLSDnParseState_String;
- slash = 0;
- --dn; /* small hack, so we can look at the same char
- again with the correct state */
- } else {
- state = xmlSecGnuTLSDnParseState_QuotedString;
- slash = 0;
- }
- } else {
- /* just skip space */
- }
- break;
- case xmlSecGnuTLSDnParseState_String:
- if(slash == 1) {
- *(p++) = ch; /* we are sure we have enough buffer */
- slash = 0;
- } else if(ch == '\\') {
- slash = 1;
- } else if((ch == ',') || (ch == ';') || (ch == '\0')) {
- *(p) = '\0';
- /* remove spaces back */
- while((p > tmp) && (XMLSEC_GNUTLS_IS_SPACE(*(p - 1)))) {
- *(--p) = '\0';
- }
-
- attrs[pos].value = xmlStrdup(tmp);
- if(attrs[pos].value == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlStrdup",
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "size=%d", (int)(xmlStrlen(tmp) + 1));
- goto done;
- }
- state = xmlSecGnuTLSDnParseState_BeforeNameComponent;
- ++pos;
- p = tmp;
- } else {
- *(p++) = ch; /* we are sure we have enough buffer */
- }
- break;
- case xmlSecGnuTLSDnParseState_QuotedString:
- if(slash == 1) {
- *(p++) = ch; /* we are sure we have enough buffer */
- slash = 0;
- } else if(ch == '\\') {
- slash = 1;
- } else if(ch == '\"') {
- *(p) = '\0';
- /* don't remove spaces for quoted string */
-
- attrs[pos].value = xmlStrdup(tmp);
- if(attrs[pos].value == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlStrdup",
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "size=%d", (int)(xmlStrlen(tmp) + 1));
- goto done;
- }
- state = xmlSecGnuTLSDnParseState_AfterQuotedString;
- ++pos;
- p = tmp;
- } else {
- *(p++) = ch; /* we are sure we have enough buffer */
- }
- break;
- case xmlSecGnuTLSDnParseState_AfterQuotedString:
- if(!XMLSEC_GNUTLS_IS_SPACE(ch)) {
- if((ch == ',') || (ch == ';') || (ch == '\0')) {
- state = xmlSecGnuTLSDnParseState_BeforeNameComponent;
- } else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "Unexpected character %c (expected space or ',' or ';')",
- ch);
- goto done;
- }
- } else {
- /* just skip space */
- }
- break;
- }
-
- if(ch == '\0') {
- /* done */
- break;
- }
- }
-
- /* check end state */
- if(state != xmlSecGnuTLSDnParseState_BeforeNameComponent) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "Unexpected state %d at the end of parsing",
- (int)state);
- goto done;
- }
-
- /* debug
- {
- xmlSecSize ii;
- for(ii = 0; ii < attrsSize; ++ii) {
- if(attrs[ii].key != NULL) {
- printf("DEBUG: attrs - %s=>%s\n", attrs[ii].key, attrs[ii].value);
- }
- }
- }
- */
-
- /* done */
- res = 0;
-
-done:
- if(tmp != NULL) {
- xmlFree(tmp);
- }
- return(res);
-}
-
-
-#endif /* XMLSEC_NO_X509 */
-
-
-
diff --git a/src/gnutls/x509utils.h b/src/gnutls/x509utils.h
deleted file mode 100644
index b939b248..00000000
--- a/src/gnutls/x509utils.h
+++ /dev/null
@@ -1,143 +0,0 @@
-/*
- * XML Security Library
- *
- * THIS IS A PRIVATE XMLSEC HEADER FILE
- * DON'T USE IT IN YOUR APPLICATION
- *
- * This is free software; see Copyright file in the source
- * distribution for preciese wording.
- *
- * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com>
- */
-#ifndef __XMLSEC_GNUTLS_X509UTILS_H__
-#define __XMLSEC_GNUTLS_X509UTILS_H__
-
-#ifndef XMLSEC_PRIVATE
-#error "gnutls/x509utils.h file contains private xmlsec definitions and should not be used outside xmlsec or xmlsec-<crypto> libraries"
-#endif /* XMLSEC_PRIVATE */
-
-#ifdef __cplusplus
-extern "C" {
-#endif /* __cplusplus */
-
-#ifndef XMLSEC_NO_X509
-
-/**************************************************************************
- *
- * X509 certs list
- *
- *****************************************************************************/
-#define xmlSecGnuTLSX509CrtListId \
- xmlSecGnuTLSX509CrtListGetKlass()
-xmlSecPtrListId xmlSecGnuTLSX509CrtListGetKlass (void);
-
-/**************************************************************************
- *
- * X509 crls list
- *
- *****************************************************************************/
-#define xmlSecGnuTLSX509CrlListId \
- xmlSecGnuTLSX509CrlListGetKlass()
-xmlSecPtrListId xmlSecGnuTLSX509CrlListGetKlass (void);
-
-/*************************************************************************
- *
- * x509 certs utils/helpers
- *
- ************************************************************************/
-gnutls_x509_crt_t xmlSecGnuTLSX509CertDup (gnutls_x509_crt_t src);
-xmlChar * xmlSecGnuTLSX509CertGetSubjectDN (gnutls_x509_crt_t cert);
-xmlChar * xmlSecGnuTLSX509CertGetIssuerDN (gnutls_x509_crt_t cert);
-xmlChar * xmlSecGnuTLSX509CertGetIssuerSerial (gnutls_x509_crt_t cert);
-xmlChar * xmlSecGnuTLSX509CertGetSKI (gnutls_x509_crt_t cert);
-gnutls_x509_crt_t xmlSecGnuTLSX509CertRead (const xmlSecByte* buf,
- xmlSecSize size,
- xmlSecKeyDataFormat format);
-gnutls_x509_crt_t xmlSecGnuTLSX509CertBase64DerRead (xmlChar* buf);
-xmlChar* xmlSecGnuTLSX509CertBase64DerWrite (gnutls_x509_crt_t cert,
- int base64LineWrap);
-void xmlSecGnuTLSX509CertDebugDump (gnutls_x509_crt_t cert,
- FILE* output);
-void xmlSecGnuTLSX509CertDebugXmlDump (gnutls_x509_crt_t cert,
- FILE* output);
-
-/*************************************************************************
- *
- * x509 crls utils/helpers
- *
- ************************************************************************/
-gnutls_x509_crl_t xmlSecGnuTLSX509CrlDup (gnutls_x509_crl_t src);
-xmlChar * xmlSecGnuTLSX509CrLGetIssuerDN (gnutls_x509_crl_t crl);
-gnutls_x509_crl_t xmlSecGnuTLSX509CrlRead (const xmlSecByte* buf,
- xmlSecSize size,
- xmlSecKeyDataFormat format);
-gnutls_x509_crl_t xmlSecGnuTLSX509CrlBase64DerRead (xmlChar* buf);
-xmlChar* xmlSecGnuTLSX509CrlBase64DerWrite (gnutls_x509_crl_t crl,
- int base64LineWrap);
-void xmlSecGnuTLSX509CrlDebugDump (gnutls_x509_crl_t crl,
- FILE* output);
-void xmlSecGnuTLSX509CrlDebugXmlDump (gnutls_x509_crl_t crl,
- FILE* output);
-
-/*************************************************************************
- *
- * Misc. utils/helpers
- *
- ************************************************************************/
-xmlChar* xmlSecGnuTLSASN1IntegerWrite (const unsigned char * data,
- size_t len);
-
-
-
-/*************************************************************************
- *
- * pkcs12 utils/helpers
- *
- ************************************************************************/
-int xmlSecGnuTLSPkcs12LoadMemory (const xmlSecByte* data,
- xmlSecSize dataSize,
- const char *pwd,
- gnutls_x509_privkey_t * priv_key,
- gnutls_x509_crt_t * key_cert,
- xmlSecPtrListPtr certsList);
-
-/*************************************************************************
- *
- * keydata utils/helpers
- *
- ************************************************************************/
-xmlSecKeyDataPtr xmlSecGnuTLSCreateKeyDataAndAdoptPrivKey(gnutls_x509_privkey_t priv_key);
-
-
-/*************************************************************************
- *
- * LDAP DN parser
- *
- ************************************************************************/
-typedef struct _xmlSecGnuTLSDnAttr {
- xmlChar * key;
- xmlChar * value;
-} xmlSecGnuTLSDnAttr;
-
-void xmlSecGnuTLSDnAttrsInitialize (xmlSecGnuTLSDnAttr * attrs,
- xmlSecSize attrsSize);
-void xmlSecGnuTLSDnAttrsDeinitialize (xmlSecGnuTLSDnAttr * attrs,
- xmlSecSize attrsSize);
-const xmlSecGnuTLSDnAttr * xmlSecGnuTLSDnAttrrsFind (const xmlSecGnuTLSDnAttr * attrs,
- xmlSecSize attrsSize,
- const xmlChar * key);
-int xmlSecGnuTLSDnAttrsEqual (const xmlSecGnuTLSDnAttr * ll,
- xmlSecSize llSize,
- const xmlSecGnuTLSDnAttr * rr,
- xmlSecSize rrSize);
-int xmlSecGnuTLSDnAttrsParse (const xmlChar * dn,
- xmlSecGnuTLSDnAttr * attrs,
- xmlSecSize attrsSize);
-#endif /* XMLSEC_NO_X509 */
-
-#ifdef __cplusplus
-}
-#endif /* __cplusplus */
-
-
-#endif /* ! __XMLSEC_GNUTLS_X509UTILS_H__ */
diff --git a/src/gnutls/x509vfy.c b/src/gnutls/x509vfy.c
deleted file mode 100644
index fd15c5ac..00000000
--- a/src/gnutls/x509vfy.c
+++ /dev/null
@@ -1,802 +0,0 @@
-/**
- * XMLSec library
- *
- * X509 support
- *
- *
- * This is free software; see Copyright file in the source
- * distribution for preciese wording.
- *
- * Copyright (C) 2010 Aleksey Sanin <aleksey@aleksey.com>
- */
-#include "globals.h"
-
-#ifndef XMLSEC_NO_X509
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-#include <ctype.h>
-#include <errno.h>
-
-#include <libxml/tree.h>
-
-#include <xmlsec/xmlsec.h>
-#include <xmlsec/xmltree.h>
-#include <xmlsec/keys.h>
-#include <xmlsec/keyinfo.h>
-#include <xmlsec/keysmngr.h>
-#include <xmlsec/base64.h>
-#include <xmlsec/errors.h>
-
-#include <xmlsec/gnutls/crypto.h>
-#include <xmlsec/gnutls/x509.h>
-
-#include "x509utils.h"
-
-/**************************************************************************
- *
- * Internal GnuTLS X509 store CTX
- *
- *************************************************************************/
-typedef struct _xmlSecGnuTLSX509StoreCtx xmlSecGnuTLSX509StoreCtx,
- *xmlSecGnuTLSX509StoreCtxPtr;
-struct _xmlSecGnuTLSX509StoreCtx {
- xmlSecPtrList certsTrusted;
- xmlSecPtrList certsUntrusted;
-};
-
-/****************************************************************************
- *
- * xmlSecGnuTLSKeyDataStoreX509Id:
- *
- * xmlSecGnuTLSX509StoreCtx is located after xmlSecTransform
- *
- ***************************************************************************/
-#define xmlSecGnuTLSX509StoreGetCtx(store) \
- ((xmlSecGnuTLSX509StoreCtxPtr)(((xmlSecByte*)(store)) + \
- sizeof(xmlSecKeyDataStoreKlass)))
-#define xmlSecGnuTLSX509StoreSize \
- (sizeof(xmlSecKeyDataStoreKlass) + sizeof(xmlSecGnuTLSX509StoreCtx))
-
-static int xmlSecGnuTLSX509StoreInitialize (xmlSecKeyDataStorePtr store);
-static void xmlSecGnuTLSX509StoreFinalize (xmlSecKeyDataStorePtr store);
-
-static xmlSecKeyDataStoreKlass xmlSecGnuTLSX509StoreKlass = {
- sizeof(xmlSecKeyDataStoreKlass),
- xmlSecGnuTLSX509StoreSize,
-
- /* data */
- xmlSecNameX509Store, /* const xmlChar* name; */
-
- /* constructors/destructor */
- xmlSecGnuTLSX509StoreInitialize, /* xmlSecKeyDataStoreInitializeMethod initialize; */
- xmlSecGnuTLSX509StoreFinalize, /* xmlSecKeyDataStoreFinalizeMethod finalize; */
-
- /* reserved for the future */
- NULL, /* void* reserved0; */
- NULL, /* void* reserved1; */
-};
-
-static gnutls_x509_crt_t xmlSecGnuTLSX509FindCert (xmlSecPtrListPtr certs,
- const xmlChar *subjectName,
- const xmlChar *issuerName,
- const xmlChar *issuerSerial,
- const xmlChar *ski);
-static gnutls_x509_crt_t xmlSecGnuTLSX509FindSignedCert (xmlSecPtrListPtr certs,
- gnutls_x509_crt_t cert);
-static gnutls_x509_crt_t xmlSecGnuTLSX509FindSignerCert (xmlSecPtrListPtr certs,
- gnutls_x509_crt_t cert);
-
-
-/**
- * xmlSecGnuTLSX509StoreGetKlass:
- *
- * The GnuTLS X509 certificates key data store klass.
- *
- * Returns: pointer to GnuTLS X509 certificates key data store klass.
- */
-xmlSecKeyDataStoreId
-xmlSecGnuTLSX509StoreGetKlass(void) {
- return(&xmlSecGnuTLSX509StoreKlass);
-}
-
-/**
- * xmlSecGnuTLSX509StoreFindCert:
- * @store: the pointer to X509 key data store klass.
- * @subjectName: the desired certificate name.
- * @issuerName: the desired certificate issuer name.
- * @issuerSerial: the desired certificate issuer serial number.
- * @ski: the desired certificate SKI.
- * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
- *
- * Searches @store for a certificate that matches given criteria.
- *
- * Returns: pointer to found certificate or NULL if certificate is not found
- * or an error occurs.
- */
-gnutls_x509_crt_t
-xmlSecGnuTLSX509StoreFindCert(xmlSecKeyDataStorePtr store,
- const xmlChar *subjectName,
- const xmlChar *issuerName,
- const xmlChar *issuerSerial,
- const xmlChar *ski,
- const xmlSecKeyInfoCtx* keyInfoCtx) {
- xmlSecGnuTLSX509StoreCtxPtr ctx;
- gnutls_x509_crt_t res = NULL;
-
- xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecGnuTLSX509StoreId), NULL);
- xmlSecAssert2(keyInfoCtx != NULL, NULL);
-
- ctx = xmlSecGnuTLSX509StoreGetCtx(store);
- xmlSecAssert2(ctx != NULL, NULL);
-
- if(res == NULL) {
- res = xmlSecGnuTLSX509FindCert(&(ctx->certsTrusted), subjectName, issuerName, issuerSerial, ski);
- }
- if(res == NULL) {
- res = xmlSecGnuTLSX509FindCert(&(ctx->certsUntrusted), subjectName, issuerName, issuerSerial, ski);
- }
- return(res);
-}
-
-static int
-xmlSecGnuTLSX509CheckTime(const gnutls_x509_crt_t * cert_list,
- xmlSecSize cert_list_length,
- time_t ts)
-{
- time_t notValidBefore, notValidAfter;
- xmlSecSize ii;
-
- xmlSecAssert2(cert_list != NULL, -1);
-
- for(ii = 0; ii < cert_list_length; ++ii) {
- const gnutls_x509_crt_t cert = cert_list[ii];
- if(cert == NULL) {
- continue;
- }
-
- /* get expiration times */
- notValidBefore = gnutls_x509_crt_get_activation_time(cert);
- if(notValidBefore == (time_t)-1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_x509_crt_get_activation_time",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- notValidAfter = gnutls_x509_crt_get_expiration_time(cert);
- if(notValidAfter == (time_t)-1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_x509_crt_get_expiration_time",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- /* check */
- if(ts < notValidBefore) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_CERT_NOT_YET_VALID,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(0);
- }
- if(ts > notValidAfter) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- NULL,
- XMLSEC_ERRORS_R_CERT_HAS_EXPIRED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(0);
- }
- }
-
- /* GOOD! */
- return(1);
-}
-
-/**
- * xmlSecGnuTLSX509StoreVerify:
- * @store: the pointer to X509 key data store klass.
- * @certs: the untrusted certificates.
- * @crls: the crls.
- * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context.
- *
- * Verifies @certs list.
- *
- * Returns: pointer to the first verified certificate from @certs.
- */
-gnutls_x509_crt_t
-xmlSecGnuTLSX509StoreVerify(xmlSecKeyDataStorePtr store,
- xmlSecPtrListPtr certs,
- xmlSecPtrListPtr crls,
- const xmlSecKeyInfoCtx* keyInfoCtx) {
- xmlSecGnuTLSX509StoreCtxPtr ctx;
- gnutls_x509_crt_t res = NULL;
- xmlSecSize certs_size = 0;
- gnutls_x509_crt_t * cert_list = NULL;
- xmlSecSize cert_list_length;
- gnutls_x509_crl_t * crl_list = NULL;
- xmlSecSize crl_list_length;
- gnutls_x509_crt_t * ca_list = NULL;
- xmlSecSize ca_list_length;
- time_t verification_time;
- unsigned int flags = 0;
- xmlSecSize ii;
- int ret;
- int err;
-
- xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecGnuTLSX509StoreId), NULL);
- xmlSecAssert2(certs != NULL, NULL);
- xmlSecAssert2(crls != NULL, NULL);
- xmlSecAssert2(keyInfoCtx != NULL, NULL);
-
- certs_size = xmlSecPtrListGetSize(certs);
- if(certs_size <= 0) {
- /* nothing to do */
- return(NULL);
- }
-
- ctx = xmlSecGnuTLSX509StoreGetCtx(store);
- xmlSecAssert2(ctx != NULL, NULL);
-
- /* Prepare */
- cert_list_length = certs_size + xmlSecPtrListGetSize(&(ctx->certsUntrusted));
- if(cert_list_length > 0) {
- cert_list = (gnutls_x509_crt_t *)xmlMalloc(sizeof(gnutls_x509_crt_t) * cert_list_length);
- if(cert_list == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
- "xmlMalloc",
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "size=%d", (int)(sizeof(gnutls_x509_crt_t) * cert_list_length));
- goto done;
- }
- }
- crl_list_length = xmlSecPtrListGetSize(crls);
- if(crl_list_length > 0) {
- crl_list = (gnutls_x509_crl_t *)xmlMalloc(sizeof(gnutls_x509_crl_t) * crl_list_length);
- if(crl_list == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
- "xmlMalloc",
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "size=%d", (int)(sizeof(gnutls_x509_crl_t) * crl_list_length));
- goto done;
- }
- for(ii = 0; ii < crl_list_length; ++ii) {
- crl_list[ii] = xmlSecPtrListGetItem(crls, ii);
- if(crl_list[ii] == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
- "xmlSecPtrListGetItem(crls)",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
- }
- }
-
- ca_list_length = xmlSecPtrListGetSize(&(ctx->certsTrusted));
- if(ca_list_length > 0) {
- ca_list = (gnutls_x509_crt_t *)xmlMalloc(sizeof(gnutls_x509_crt_t) * ca_list_length);
- if(ca_list == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
- "xmlMalloc",
- XMLSEC_ERRORS_R_MALLOC_FAILED,
- "size=%d", (int)(sizeof(gnutls_x509_crt_t) * ca_list_length));
- goto done;
- }
- for(ii = 0; ii < ca_list_length; ++ii) {
- ca_list[ii] = xmlSecPtrListGetItem(&(ctx->certsTrusted), ii);
- if(ca_list[ii] == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
- "xmlSecPtrListGetItem(certsTrusted)",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
- }
- }
-
- /* gnutls doesn't allow to specify "verification" timestamp so
- we have to do it ourselves */
- verification_time = (keyInfoCtx->certsVerificationTime > 0) ?
- keyInfoCtx->certsVerificationTime :
- time(0);
- flags |= GNUTLS_VERIFY_DISABLE_TIME_CHECKS;
-
- if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_SKIP_STRICT_CHECKS) != 0) {
- flags |= GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2;
- flags |= GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5;
- }
-
- /* We are going to build all possible cert chains and try to verify them */
- for(ii = 0; (ii < certs_size) && (res == NULL); ++ii) {
- gnutls_x509_crt_t cert, cert2;
- xmlSecSize cert_list_cur_length = 0;
- unsigned int verify = 0;
-
- cert = xmlSecPtrListGetItem(certs, ii);
- if(cert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
- "xmlSecPtrListGetItem(certs)",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
-
- /* check if we are the "leaf" node in the certs chain */
- if(xmlSecGnuTLSX509FindSignedCert(certs, cert) != NULL) {
- continue;
- }
-
- /* build the chain */
- for(cert2 = cert, cert_list_cur_length = 0;
- (cert2 != NULL) && (cert_list_cur_length < cert_list_length);
- ++cert_list_cur_length)
- {
- gnutls_x509_crt_t tmp;
-
- /* store */
- cert_list[cert_list_cur_length] = cert2;
-
- /* find next */
- tmp = xmlSecGnuTLSX509FindSignerCert(certs, cert2);
- if(tmp == NULL) {
- tmp = xmlSecGnuTLSX509FindSignerCert(&(ctx->certsUntrusted), cert2);
- }
- cert2 = tmp;
- }
-
- /* try to verify */
- err = gnutls_x509_crt_list_verify(
- cert_list, (int)cert_list_cur_length, /* certs chain */
- ca_list, (int)ca_list_length, /* trusted cas */
- crl_list, (int)crl_list_length, /* crls */
- flags, /* flags */
- &verify);
- if(err != GNUTLS_E_SUCCESS) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_x509_crt_list_verify",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- XMLSEC_GNUTLS_REPORT_ERROR(err));
- /* don't stop, continue! */
- continue;
- } else if(verify != 0){
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "gnutls_x509_crt_list_verify",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "Verification failed: verify=%u", verify);
- /* don't stop, continue! */
- continue;
- }
-
- /* gnutls doesn't allow to specify "verification" timestamp so
- we have to do it ourselves */
- ret = xmlSecGnuTLSX509CheckTime(cert_list, cert_list_cur_length, verification_time);
- if(ret != 1) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "",
- XMLSEC_ERRORS_R_CRYPTO_FAILED,
- "Time verification failed");
- /* don't stop, continue! */
- continue;
- }
-
- /* DONE! */
- res = cert;
- }
-
-done:
- /* cleanup */
- if(ca_list != NULL) {
- xmlFree(ca_list);
- }
- if(crl_list != NULL) {
- xmlFree(crl_list);
- }
- if(cert_list != NULL) {
- xmlFree(cert_list);
- }
-
- return(res);
-}
-
-/**
- * xmlSecGnuTLSX509StoreAdoptCert:
- * @store: the pointer to X509 key data store klass.
- * @cert: the pointer to GnuTLS X509 certificate.
- * @type: the certificate type (trusted/untrusted).
- *
- * Adds trusted (root) or untrusted certificate to the store.
- *
- * Returns: 0 on success or a negative value if an error occurs.
- */
-int
-xmlSecGnuTLSX509StoreAdoptCert(xmlSecKeyDataStorePtr store, gnutls_x509_crt_t cert, xmlSecKeyDataType type) {
- xmlSecGnuTLSX509StoreCtxPtr ctx;
- int ret;
-
- xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecGnuTLSX509StoreId), -1);
- xmlSecAssert2(cert != NULL, -1);
-
- ctx = xmlSecGnuTLSX509StoreGetCtx(store);
- xmlSecAssert2(ctx != NULL, -1);
-
- if((type & xmlSecKeyDataTypeTrusted) != 0) {
- ret = xmlSecPtrListAdd(&(ctx->certsTrusted), cert);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
- "xmlSecPtrListAdd(trusted)",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- } else {
- ret = xmlSecPtrListAdd(&(ctx->certsUntrusted), cert);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
- "xmlSecPtrListAdd(untrusted)",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
- }
-
- /* done */
- return(0);
-}
-
-static int
-xmlSecGnuTLSX509StoreInitialize(xmlSecKeyDataStorePtr store) {
- xmlSecGnuTLSX509StoreCtxPtr ctx;
- int ret;
-
- xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecGnuTLSX509StoreId), -1);
-
- ctx = xmlSecGnuTLSX509StoreGetCtx(store);
- xmlSecAssert2(ctx != NULL, -1);
-
- memset(ctx, 0, sizeof(xmlSecGnuTLSX509StoreCtx));
-
- ret = xmlSecPtrListInitialize(&(ctx->certsTrusted), xmlSecGnuTLSX509CrtListId);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
- "xmlSecPtrListInitialize(trusted)",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- ret = xmlSecPtrListInitialize(&(ctx->certsUntrusted), xmlSecGnuTLSX509CrtListId);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
- "xmlSecPtrListInitialize(untrusted)",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- return(-1);
- }
-
- return(0);
-}
-
-static void
-xmlSecGnuTLSX509StoreFinalize(xmlSecKeyDataStorePtr store) {
- xmlSecGnuTLSX509StoreCtxPtr ctx;
- xmlSecAssert(xmlSecKeyDataStoreCheckId(store, xmlSecGnuTLSX509StoreId));
-
- ctx = xmlSecGnuTLSX509StoreGetCtx(store);
- xmlSecAssert(ctx != NULL);
-
- xmlSecPtrListFinalize(&(ctx->certsTrusted));
- xmlSecPtrListFinalize(&(ctx->certsUntrusted));
-
- memset(ctx, 0, sizeof(xmlSecGnuTLSX509StoreCtx));
-}
-
-
-/*****************************************************************************
- *
- * Low-level x509 functions
- *
- *****************************************************************************/
-#define XMLSEC_GNUTLS_DN_ATTRS_SIZE 1024
-static int
-xmlSecGnuTLSX509DnsEqual(const xmlChar * ll, const xmlChar * rr) {
- xmlSecGnuTLSDnAttr ll_attrs[XMLSEC_GNUTLS_DN_ATTRS_SIZE];
- xmlSecGnuTLSDnAttr rr_attrs[XMLSEC_GNUTLS_DN_ATTRS_SIZE];
- int ret;
- int res = -1;
-
- xmlSecAssert2(ll != NULL, -1);
- xmlSecAssert2(rr != NULL, -1);
-
- /* fast version first */
- if(xmlStrEqual(ll, rr)) {
- return(1);
- }
-
- /* prepare */
- xmlSecGnuTLSDnAttrsInitialize(ll_attrs, XMLSEC_GNUTLS_DN_ATTRS_SIZE);
- xmlSecGnuTLSDnAttrsInitialize(rr_attrs, XMLSEC_GNUTLS_DN_ATTRS_SIZE);
-
- /* parse */
- ret = xmlSecGnuTLSDnAttrsParse(ll, ll_attrs, XMLSEC_GNUTLS_DN_ATTRS_SIZE);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSDnAttrsParse(ll)",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
-
- ret = xmlSecGnuTLSDnAttrsParse(rr, rr_attrs, XMLSEC_GNUTLS_DN_ATTRS_SIZE);
- if(ret < 0) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSDnAttrsParse(rr)",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
-
- /* compare */
- ret = xmlSecGnuTLSDnAttrsEqual(ll_attrs, XMLSEC_GNUTLS_DN_ATTRS_SIZE,
- rr_attrs, XMLSEC_GNUTLS_DN_ATTRS_SIZE);
- if(ret == 1) {
- res = 1;
- } else if(ret == 0) {
- res = 0;
- } else {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSDnAttrsEqual",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
-
-done:
- xmlSecGnuTLSDnAttrsDeinitialize(ll_attrs, XMLSEC_GNUTLS_DN_ATTRS_SIZE);
- xmlSecGnuTLSDnAttrsDeinitialize(rr_attrs, XMLSEC_GNUTLS_DN_ATTRS_SIZE);
- return(res);
-}
-
-static gnutls_x509_crt_t
-xmlSecGnuTLSX509FindCert(xmlSecPtrListPtr certs,
- const xmlChar *subjectName,
- const xmlChar *issuerName,
- const xmlChar *issuerSerial,
- const xmlChar *ski) {
- xmlSecSize ii, sz;
-
- xmlSecAssert2(certs != NULL, NULL);
-
- /* todo: this is not the fastest way to search certs */
- sz = xmlSecPtrListGetSize(certs);
- for(ii = 0; (ii < sz); ++ii) {
- gnutls_x509_crt_t cert = xmlSecPtrListGetItem(certs, ii);
- if(cert == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListGetItem",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%i", (int)ii);
- return(NULL);
- }
-
- if(subjectName != NULL) {
- xmlChar * tmp;
-
- tmp = xmlSecGnuTLSX509CertGetSubjectDN(cert);
- if(tmp == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSX509CertGetSubjectDN",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%i", (int)ii);
- return(NULL);
- }
-
- if(xmlSecGnuTLSX509DnsEqual(subjectName, tmp) == 1) {
- xmlFree(tmp);
- return(cert);
- }
- xmlFree(tmp);
- } else if((issuerName != NULL) && (issuerSerial != NULL)) {
- xmlChar * tmp1;
- xmlChar * tmp2;
-
- tmp1 = xmlSecGnuTLSX509CertGetIssuerDN(cert);
- if(tmp1 == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSX509CertGetIssuerDN",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%i", (int)ii);
- return(NULL);
- }
-
- tmp2 = xmlSecGnuTLSX509CertGetIssuerSerial(cert);
- if(tmp2 == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSX509CertGetIssuerSerial",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%i", (int)ii);
- xmlFree(tmp1);
- return(NULL);
- }
-
- if((xmlSecGnuTLSX509DnsEqual(issuerName, tmp1) == 1) && xmlStrEqual(issuerSerial, tmp2)) {
- xmlFree(tmp1);
- xmlFree(tmp2);
- return(cert);
- }
- xmlFree(tmp1);
- xmlFree(tmp2);
- } else if(ski != NULL) {
- xmlChar * tmp;
-
- tmp = xmlSecGnuTLSX509CertGetSKI(cert);
- if(tmp == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSX509CertGetSKI",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%i", (int)ii);
- return(NULL);
- }
-
- if(xmlStrEqual(ski, tmp)) {
- xmlFree(tmp);
- return(cert);
- }
- xmlFree(tmp);
- }
- }
-
- return(NULL);
-}
-
-/* signed cert has issuer dn equal to our's subject dn */
-static gnutls_x509_crt_t
-xmlSecGnuTLSX509FindSignedCert(xmlSecPtrListPtr certs, gnutls_x509_crt_t cert) {
- gnutls_x509_crt_t res = NULL;
- xmlChar * subject = NULL;
- xmlSecSize ii, sz;
-
- xmlSecAssert2(certs != NULL, NULL);
- xmlSecAssert2(cert != NULL, NULL);
-
- /* get subject */
- subject = xmlSecGnuTLSX509CertGetSubjectDN(cert);
- if(subject == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSX509CertGetSubjectDN",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
-
- /* todo: this is not the fastest way to search certs */
- sz = xmlSecPtrListGetSize(certs);
- for(ii = 0; (ii < sz) && (res == NULL); ++ii) {
- gnutls_x509_crt_t tmp;
- xmlChar * issuer;
-
- tmp = xmlSecPtrListGetItem(certs, ii);
- if(tmp == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListGetItem",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%i", (int)ii);
- goto done;
- }
-
- issuer = xmlSecGnuTLSX509CertGetIssuerDN(tmp);
- if(issuer == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSX509CertGetIssuerDN",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%i", (int)ii);
- goto done;
- }
-
- /* are we done? */
- if(xmlSecGnuTLSX509DnsEqual(subject, issuer) == 1) {
- res = tmp;
- }
- xmlFree(issuer);
- }
-
-done:
- if(subject != NULL) {
- xmlFree(subject);
- }
- return(res);
-}
-
-/* signer cert has subject dn equal to our's issuer dn */
-static gnutls_x509_crt_t
-xmlSecGnuTLSX509FindSignerCert(xmlSecPtrListPtr certs, gnutls_x509_crt_t cert) {
- gnutls_x509_crt_t res = NULL;
- xmlChar * issuer = NULL;
- xmlSecSize ii, sz;
-
- xmlSecAssert2(certs != NULL, NULL);
- xmlSecAssert2(cert != NULL, NULL);
-
- /* get issuer */
- issuer = xmlSecGnuTLSX509CertGetIssuerDN(cert);
- if(issuer == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSX509CertGetIssuerDN",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE);
- goto done;
- }
-
- /* todo: this is not the fastest way to search certs */
- sz = xmlSecPtrListGetSize(certs);
- for(ii = 0; (ii < sz) && (res == NULL); ++ii) {
- gnutls_x509_crt_t tmp;
- xmlChar * subject;
-
- tmp = xmlSecPtrListGetItem(certs, ii);
- if(tmp == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecPtrListGetItem",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%i", (int)ii);
- goto done;
- }
-
- subject = xmlSecGnuTLSX509CertGetSubjectDN(tmp);
- if(subject == NULL) {
- xmlSecError(XMLSEC_ERRORS_HERE,
- NULL,
- "xmlSecGnuTLSX509CertGetSubjectDN",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- "pos=%i", (int)ii);
- goto done;
- }
-
- /* are we done? */
- if((xmlSecGnuTLSX509DnsEqual(issuer, subject) == 1)) {
- res = tmp;
- }
- xmlFree(subject);
- }
-
-done:
- if(issuer != NULL) {
- xmlFree(issuer);
- }
- return(res);
-}
-
-#endif /* XMLSEC_NO_X509 */
-
-
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-20 13:28:00 +0000