diff options
Diffstat (limited to 'src/mscrypto/certkeys.c')
-rw-r--r-- | src/mscrypto/certkeys.c | 2290 |
1 files changed, 1154 insertions, 1136 deletions
diff --git a/src/mscrypto/certkeys.c b/src/mscrypto/certkeys.c index 90daa827..73a6c260 100644 --- a/src/mscrypto/certkeys.c +++ b/src/mscrypto/certkeys.c @@ -1,10 +1,10 @@ -/** +/** * XMLSec library * * This is free software; see Copyright file in the source * distribution for preciese wording. - * - * Copyright (C) 2003 Cordys R&D BV, All rights reserved. + * + * Copyrigth (C) 2003 Cordys R&D BV, All rights reserved. * Copyright (C) 2003 Aleksey Sanin <aleksey@aleksey.com> */ #include "globals.h" @@ -30,7 +30,10 @@ #include <xmlsec/mscrypto/certkeys.h> #include <xmlsec/mscrypto/crypto.h> #include <xmlsec/mscrypto/x509.h> -#include "private.h" + +#if defined(__MINGW32__) +# include "xmlsec-mingw.h" +#endif // GOST CSP don't support keys duplicating, so we use NT4 analogs for these... #ifndef XMLSEC_NO_GOST @@ -39,14 +42,15 @@ #endif #endif +#define XMLSEC_CONTAINER_NAME "xmlsec-key-container" /************************************************************************** * * Internal MSCrypto PCCERT_CONTEXT key CTX * *************************************************************************/ -typedef struct _xmlSecMSCryptoKeyDataCtx xmlSecMSCryptoKeyDataCtx, - *xmlSecMSCryptoKeyDataCtxPtr; +typedef struct _xmlSecMSCryptoKeyDataCtx xmlSecMSCryptoKeyDataCtx, + *xmlSecMSCryptoKeyDataCtxPtr; #ifdef XMLSEC_MSCRYPTO_NT4 /*- @@ -55,8 +59,8 @@ typedef struct _xmlSecMSCryptoKeyDataCtx xmlSecMSCryptoKeyDataCtx, * by WINNT 4.0, the wrapper will enable the library work on WINNT 4.0 */ struct _mscrypt_key { - HCRYPTKEY hKey ; - volatile LONG refcnt ; + HCRYPTKEY hKey ; + volatile LONG refcnt ; } ; /*- @@ -65,9 +69,9 @@ struct _mscrypt_key { * by WINNT 4.0, the wrapper will enable the library work on WINNT 4.0 */ struct _mscrypt_prov { - HCRYPTPROV hProv ; + HCRYPTPROV hProv ; BOOL fCallerFreeProv ; - volatile LONG refcnt ; + volatile LONG refcnt ; } ; #endif /* XMLSEC_MSCRYPTO_NT4 */ @@ -80,18 +84,19 @@ struct _mscrypt_prov { */ struct _xmlSecMSCryptoKeyDataCtx { #ifndef XMLSEC_MSCRYPTO_NT4 - HCRYPTPROV hProv; - BOOL fCallerFreeProv; - HCRYPTKEY hKey; + HCRYPTPROV hProv; + BOOL fCallerFreeProv; + HCRYPTKEY hKey; #else /* XMLSEC_MSCRYPTO_NT4 */ - struct _mscrypt_prov* p_prov ; - struct _mscrypt_key* p_key ; + struct _mscrypt_prov* p_prov ; + struct _mscrypt_key* p_key ; #endif /* XMLSEC_MSCRYPTO_NT4 */ - PCCERT_CONTEXT pCert; - const xmlSecMSCryptoProviderInfo * providers; - DWORD dwKeySpec; - xmlSecKeyDataType type; -}; + PCCERT_CONTEXT pCert; + LPCTSTR providerName; + DWORD providerType; + DWORD dwKeySpec; + xmlSecKeyDataType type; +}; #ifndef XMLSEC_MSCRYPTO_NT4 @@ -102,28 +107,28 @@ static void xmlSecMSCryptoKeyDataCtxCreateProvider(xmlSecMSCryptoKeyDataCtxPtr ctx) { xmlSecAssert(ctx != NULL); - ctx->hProv = 0; - ctx->fCallerFreeProv = FALSE; + ctx->hProv = 0; + ctx->fCallerFreeProv = FALSE; } static void xmlSecMSCryptoKeyDataCtxDestroyProvider(xmlSecMSCryptoKeyDataCtxPtr ctx) { xmlSecAssert(ctx != NULL); - + if ((ctx->hProv != 0) && (ctx->fCallerFreeProv)) { - CryptReleaseContext(ctx->hProv, 0); + CryptReleaseContext(ctx->hProv, 0); } - ctx->hProv = 0; - ctx->fCallerFreeProv = FALSE; + ctx->hProv = 0; + ctx->fCallerFreeProv = FALSE; } static void xmlSecMSCryptoKeyDataCtxSetProvider(xmlSecMSCryptoKeyDataCtxPtr ctx, HCRYPTPROV hProv, BOOL fCallerFreeProv) { xmlSecAssert(ctx != NULL); - + xmlSecMSCryptoKeyDataCtxDestroyProvider(ctx); - ctx->hProv = hProv; + ctx->hProv = hProv; ctx->fCallerFreeProv = fCallerFreeProv; } @@ -136,21 +141,20 @@ xmlSecMSCryptoKeyDataCtxDuplicateProvider(xmlSecMSCryptoKeyDataCtxPtr ctxDst, xm if(ctxSrc->hProv != 0) { if(!CryptContextAddRef(ctxSrc->hProv, NULL, 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptContextAddRef", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "CryptContextAddRef", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); return(-1); } - ctxDst->hProv = ctxSrc->hProv; - ctxDst->fCallerFreeProv = TRUE; + ctxDst->hProv = ctxSrc->hProv; + ctxDst->fCallerFreeProv = TRUE; } return(0); } - /******************************** Key *****************************************/ #define xmlSecMSCryptoKeyDataCtxGetKey(ctx) ((ctx)->hKey) @@ -164,9 +168,9 @@ xmlSecMSCryptoKeyDataCtxCreateKey(xmlSecMSCryptoKeyDataCtxPtr ctx) { static void xmlSecMSCryptoKeyDataCtxDestroyKey(xmlSecMSCryptoKeyDataCtxPtr ctx) { xmlSecAssert(ctx != NULL); - + if (ctx->hKey != 0) { - CryptDestroyKey(ctx->hKey); + CryptDestroyKey(ctx->hKey); } ctx->hKey = 0; } @@ -186,14 +190,14 @@ xmlSecMSCryptoKeyDataCtxDuplicateKey(xmlSecMSCryptoKeyDataCtxPtr ctxDst, xmlSecM xmlSecMSCryptoKeyDataCtxDestroyKey(ctxDst); if (ctxSrc->hKey != 0) { - if (!CryptDuplicateKey(ctxSrc->hKey, NULL, 0, &(ctxDst->hKey))) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptDuplicateKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } + if (!CryptDuplicateKey(ctxSrc->hKey, NULL, 0, &(ctxDst->hKey))) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "CryptDuplicateKey", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } } return(0); @@ -208,45 +212,45 @@ static void xmlSecMSCryptoKeyDataCtxCreateProvider(xmlSecMSCryptoKeyDataCtxPtr ctx) { xmlSecAssert(ctx != NULL); - ctx->p_prov = (struct _mscrypt_prov*)xmlMalloc(sizeof(struct _mscrypt_prov)); - if(ctx->p_prov == NULL ) { - xmlSecError( XMLSEC_ERRORS_HERE, - "mscrypt_create_prov" , - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED , - XMLSEC_ERRORS_NO_MESSAGE - ); - } + ctx->p_prov = (struct _mscrypt_prov*)xmlMalloc(sizeof(struct _mscrypt_prov)); + if(ctx->p_prov == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE, + "mscrypt_create_prov" , + NULL, + XMLSEC_ERRORS_R_MALLOC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE + ); + } memset(ctx->p_prov, 0, sizeof(struct _mscrypt_prov)); } static void xmlSecMSCryptoKeyDataCtxDestroyProvider(xmlSecMSCryptoKeyDataCtxPtr ctx) { xmlSecAssert(ctx != NULL); - - if(ctx->p_prov != NULL) { - if(InterlockedDecrement(&(ctx->p_prov->refcnt)) <= 0) { - if((ctx->p_prov->hProv != 0) && (ctx->p_prov->fCallerFreeProv)) { - CryptReleaseContext(ctx->p_prov->hProv, 0) ; - } + + if(ctx->p_prov != NULL) { + if(InterlockedDecrement(&(ctx->p_prov->refcnt)) <= 0) { + if((ctx->p_prov->hProv != 0) && (ctx->p_prov->fCallerFreeProv)) { + CryptReleaseContext(ctx->p_prov->hProv, 0) ; + } memset(ctx->p_prov, 0, sizeof(struct _mscrypt_prov)); - xmlFree(ctx->p_prov) ; - } + xmlFree(ctx->p_prov) ; + } ctx->p_prov = NULL; - } + } } static void xmlSecMSCryptoKeyDataCtxSetProvider(xmlSecMSCryptoKeyDataCtxPtr ctx, HCRYPTPROV hProv, BOOL fCallerFreeProv) { xmlSecAssert(ctx != NULL); - + xmlSecMSCryptoKeyDataCtxDestroyProvider(ctx); if((ctx->p_prov != NULL) && (ctx->p_prov->refcnt == 1)) { - if((ctx->p_prov->hProv != 0) && (ctx->p_prov->fCallerFreeProv)) { - CryptReleaseContext(ctx->p_prov->hProv, 0) ; - } + if((ctx->p_prov->hProv != 0) && (ctx->p_prov->fCallerFreeProv)) { + CryptReleaseContext(ctx->p_prov->hProv, 0) ; + } memset(ctx->p_prov, 0, sizeof(struct _mscrypt_prov)); } else { xmlSecMSCryptoKeyDataCtxDestroyProvider(ctx); @@ -280,32 +284,32 @@ static void xmlSecMSCryptoKeyDataCtxCreateKey(xmlSecMSCryptoKeyDataCtxPtr ctx) { xmlSecAssert(ctx != NULL); - ctx->p_key = (struct _mscrypt_key*)xmlMalloc(sizeof(struct _mscrypt_key)); - if(ctx->p_key == NULL ) { - xmlSecError( XMLSEC_ERRORS_HERE, - "mscrypt_create_key" , - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED , - XMLSEC_ERRORS_NO_MESSAGE - ); - } + ctx->p_key = (struct _mscrypt_key*)xmlMalloc(sizeof(struct _mscrypt_key)); + if(ctx->p_key == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE, + "mscrypt_create_key" , + NULL, + XMLSEC_ERRORS_R_MALLOC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE + ); + } memset(ctx->p_key, 0, sizeof(struct _mscrypt_key)); } static void xmlSecMSCryptoKeyDataCtxDestroyKey(xmlSecMSCryptoKeyDataCtxPtr ctx) { xmlSecAssert(ctx != NULL); - - if(ctx->p_key != NULL) { - if(InterlockedDecrement(&(ctx->p_key->refcnt)) <= 0) { - if(ctx->p_key->hKey != 0) { - CryptDestroyKey(ctx->p_key->hKey) ; - } + + if(ctx->p_key != NULL) { + if(InterlockedDecrement(&(ctx->p_key->refcnt)) <= 0) { + if(ctx->p_key->hKey != 0) { + CryptDestroyKey(ctx->p_key->hKey) ; + } memset(ctx->p_key, 0, sizeof(struct _mscrypt_key)); - xmlFree(ctx->p_key) ; - } + xmlFree(ctx->p_key) ; + } ctx->p_key = NULL; - } + } } static void @@ -313,9 +317,9 @@ xmlSecMSCryptoKeyDataCtxSetKey(xmlSecMSCryptoKeyDataCtxPtr ctx, HCRYPTKEY hKey) xmlSecAssert(ctx != NULL); if((ctx->p_key != NULL) && (ctx->p_key->refcnt == 1)) { - if(ctx->p_key->hKey != 0) { - CryptDestroyKey(ctx->p_key->hKey) ; - } + if(ctx->p_key->hKey != 0) { + CryptDestroyKey(ctx->p_key->hKey) ; + } memset(ctx->p_key, 0, sizeof(struct _mscrypt_key)); } else { xmlSecMSCryptoKeyDataCtxDestroyKey(ctx); @@ -354,9 +358,9 @@ xmlSecMSCryptoKeyDataCtxCreateCert(xmlSecMSCryptoKeyDataCtxPtr ctx) { static void xmlSecMSCryptoKeyDataCtxDestroyCert(xmlSecMSCryptoKeyDataCtxPtr ctx) { xmlSecAssert(ctx != NULL); - + if(ctx->pCert != NULL) { - CertFreeCertificateContext(ctx->pCert); + CertFreeCertificateContext(ctx->pCert); } ctx->pCert = NULL; } @@ -374,18 +378,18 @@ xmlSecMSCryptoKeyDataCtxDuplicateCert(xmlSecMSCryptoKeyDataCtxPtr ctxDst, xmlSec xmlSecAssert2(ctxDst != NULL, -1); xmlSecAssert2(ctxSrc != NULL, -1); - xmlSecMSCryptoKeyDataCtxDestroyCert(ctxDst); + xmlSecMSCryptoKeyDataCtxDestroyCert(ctxDst); if(ctxSrc->pCert != NULL) { - ctxDst->pCert = xmlSecMSCryptoCertDup(ctxSrc->pCert); - if(ctxDst->pCert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoPCCDup", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - } + ctxDst->pCert = xmlSecMSCryptoCertDup(ctxSrc->pCert); + if(ctxDst->pCert == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecMSCryptoPCCDup", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + } return(0); } @@ -394,25 +398,25 @@ xmlSecMSCryptoKeyDataCtxDuplicateCert(xmlSecMSCryptoKeyDataCtxPtr ctxDst, xmlSec * xmlSecMSCryptoKeyDataCtx is located after xmlSecTransform * *****************************************************************************/ -#define xmlSecMSCryptoKeyDataSize \ - (sizeof(xmlSecKeyData) + sizeof(xmlSecMSCryptoKeyDataCtx)) +#define xmlSecMSCryptoKeyDataSize \ + (sizeof(xmlSecKeyData) + sizeof(xmlSecMSCryptoKeyDataCtx)) #define xmlSecMSCryptoKeyDataGetCtx(data) \ ((xmlSecMSCryptoKeyDataCtxPtr)(((xmlSecByte*)(data)) + sizeof(xmlSecKeyData))) -static int xmlSecMSCryptoKeyDataDuplicate (xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src); -static void xmlSecMSCryptoKeyDataFinalize (xmlSecKeyDataPtr data); -static int xmlSecMSCryptoKeyDataGetSize (xmlSecKeyDataPtr data); +static int xmlSecMSCryptoKeyDataDuplicate (xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src); +static void xmlSecMSCryptoKeyDataFinalize (xmlSecKeyDataPtr data); +static int xmlSecMSCryptoKeyDataGetSize (xmlSecKeyDataPtr data); /** * xmlSecMSCryptoKeyDataAdoptCert: - * @data: the pointer to MSCrypto pccert data. - * @pCert: the pointer to PCCERT key. + * @data: the pointer to MSCrypto pccert data. + * @pCert: the pointer to PCCERT key. * * Sets the value of key data. * * Returns: 0 on success or a negative value otherwise. */ -static int +static int xmlSecMSCryptoKeyDataAdoptCert(xmlSecKeyDataPtr data, PCCERT_CONTEXT pCert, xmlSecKeyDataType type) { xmlSecMSCryptoKeyDataCtxPtr ctx; HCRYPTKEY hKey = 0; @@ -439,41 +443,43 @@ xmlSecMSCryptoKeyDataAdoptCert(xmlSecKeyDataPtr data, PCCERT_CONTEXT pCert, xmlS HCRYPTPROV hProv = 0; BOOL fCallerFreeProv = FALSE; - if (!CryptAcquireCertificatePrivateKey(pCert, - CRYPT_ACQUIRE_SILENT_FLAG | CRYPT_ACQUIRE_COMPARE_KEY_FLAG, - NULL, - &hProv, - &(ctx->dwKeySpec), - &fCallerFreeProv)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptAcquireCertificatePrivateKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } + if (!CryptAcquireCertificatePrivateKey(pCert, + CRYPT_ACQUIRE_COMPARE_KEY_FLAG, + NULL, + &hProv, + &(ctx->dwKeySpec), + &fCallerFreeProv)) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "CryptAcquireCertificatePrivateKey", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } xmlSecMSCryptoKeyDataCtxSetProvider(ctx, hProv, fCallerFreeProv); } else if((type & xmlSecKeyDataTypePublic) != 0){ - HCRYPTPROV hProv; - - hProv = xmlSecMSCryptoFindProvider(ctx->providers, NULL, CRYPT_VERIFYCONTEXT, FALSE); - if (hProv == 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoFindProvider", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } + HCRYPTPROV hProv = 0; + if (!CryptAcquireContext(&hProv, + NULL, + NULL, /* ctx->providerName, */ + ctx->providerType, + CRYPT_VERIFYCONTEXT)) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "CryptAcquireContext", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } xmlSecMSCryptoKeyDataCtxSetProvider(ctx, hProv, TRUE); - ctx->dwKeySpec = 0; + ctx->dwKeySpec = 0; } else { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "Unsupported keytype"); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + NULL, + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "Unsupported keytype"); + return(-1); } /* CryptImportPublicKeyInfo is only needed when a real key handle @@ -483,37 +489,37 @@ xmlSecMSCryptoKeyDataAdoptCert(xmlSecKeyDataPtr data, PCCERT_CONTEXT pCert, xmlS * so no unnessecary calls to CryptImportPublicKeyInfo are being * made. WK */ - if(!CryptImportPublicKeyInfo(xmlSecMSCryptoKeyDataCtxGetProvider(ctx), - X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, - &(pCert->pCertInfo->SubjectPublicKeyInfo), - &hKey)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptImportPublicKeyInfo", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - + if(!CryptImportPublicKeyInfo(xmlSecMSCryptoKeyDataCtxGetProvider(ctx), + X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + &(pCert->pCertInfo->SubjectPublicKeyInfo), + &hKey)) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "CryptImportPublicKeyInfo", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + xmlSecMSCryptoKeyDataCtxSetKey(ctx, hKey); xmlSecMSCryptoKeyDataCtxSetCert(ctx, pCert); return(0); } -static int -xmlSecMSCryptoKeyDataAdoptKey(xmlSecKeyDataPtr data, - HCRYPTPROV hProv, - BOOL fCallerFreeProv, - HCRYPTKEY hKey, - DWORD dwKeySpec, - xmlSecKeyDataType type) { +static int +xmlSecMSCryptoKeyDataAdoptKey(xmlSecKeyDataPtr data, + HCRYPTPROV hProv, + BOOL fCallerFreeProv, + HCRYPTKEY hKey, + DWORD dwKeySpec, + xmlSecKeyDataType type) { xmlSecMSCryptoKeyDataCtxPtr ctx; xmlSecAssert2(xmlSecKeyDataIsValid(data), -1); xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecMSCryptoKeyDataSize), -1); xmlSecAssert2(hKey != 0, -1); xmlSecAssert2(type & (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate), -1); - + ctx = xmlSecMSCryptoKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); @@ -521,20 +527,20 @@ xmlSecMSCryptoKeyDataAdoptKey(xmlSecKeyDataPtr data, xmlSecMSCryptoKeyDataCtxSetKey(ctx, hKey); xmlSecMSCryptoKeyDataCtxSetCert(ctx, NULL); - ctx->dwKeySpec = dwKeySpec; - ctx->type = type; + ctx->dwKeySpec = dwKeySpec; + ctx->type = type; return(0); } /** * xmlSecMSCryptoKeyDataGetKey: - * @data: the key data to retrieve certificate from. + * @data: the key data to retrieve certificate from. * @type: type of key requested (public/private) * - * Native MSCrypto key retrieval from xmlsec keydata. The + * Native MSCrypto key retrieval from xmlsec keydata. The * returned HKEY must not be destroyed by the caller. - * + * * Returns: HKEY on success or NULL otherwise. */ HCRYPTKEY @@ -546,14 +552,14 @@ xmlSecMSCryptoKeyDataGetKey(xmlSecKeyDataPtr data, xmlSecKeyDataType type) { ctx = xmlSecMSCryptoKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, 0); - + return(xmlSecMSCryptoKeyDataCtxGetKey(ctx)); } /** * xmlSecMSCryptoKeyDataGetDecryptKey: - * @data: the key data pointer - * + * @data: the key data pointer + * * Native MSCrypto decrypt key retrieval from xmlsec keydata. The * returned HKEY must not be destroyed by the caller. * @@ -561,33 +567,33 @@ xmlSecMSCryptoKeyDataGetKey(xmlSecKeyDataPtr data, xmlSecKeyDataType type) { */ HCRYPTKEY xmlSecMSCryptoKeyDataGetDecryptKey(xmlSecKeyDataPtr data) { - xmlSecMSCryptoKeyDataCtxPtr ctx; - HCRYPTKEY hKey; - - xmlSecAssert2(xmlSecKeyDataIsValid(data), 0); - xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecMSCryptoKeyDataSize), 0); - - ctx = xmlSecMSCryptoKeyDataGetCtx(data); - xmlSecAssert2(ctx != NULL, 0); - - if( !CryptGetUserKey(xmlSecMSCryptoKeyDataCtxGetProvider(ctx), AT_KEYEXCHANGE, &(hKey))) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptGetUserKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(0); - } - return (hKey); + xmlSecMSCryptoKeyDataCtxPtr ctx; + HCRYPTKEY hKey; + + xmlSecAssert2(xmlSecKeyDataIsValid(data), 0); + xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecMSCryptoKeyDataSize), 0); + + ctx = xmlSecMSCryptoKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, 0); + + if( !CryptGetUserKey(xmlSecMSCryptoKeyDataCtxGetProvider(ctx), AT_KEYEXCHANGE, &(hKey))) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "CryptGetUserKey", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(0); + } + return (hKey); } /** * xmlSecMSCryptoKeyDataGetCert: - * @data: the key data to retrieve certificate from. - * - * Native MSCrypto certificate retrieval from xmlsec keydata. The + * @data: the key data to retrieve certificate from. + * + * Native MSCrypto certificate retrieval from xmlsec keydata. The * returned PCCERT_CONTEXT must not be released by the caller. - * + * * Returns: PCCERT_CONTEXT on success or NULL otherwise. */ PCCERT_CONTEXT @@ -599,18 +605,10 @@ xmlSecMSCryptoKeyDataGetCert(xmlSecKeyDataPtr data) { ctx = xmlSecMSCryptoKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, 0); - + return(xmlSecMSCryptoKeyDataCtxGetCert(ctx)); } -/** - * xmlSecMSCryptoKeyDataGetMSCryptoProvider: - * @data: the key data - * - * Gets crypto provider handle - * - * Returns: the crypto provider handler or 0 if there is an error. - */ HCRYPTPROV xmlSecMSCryptoKeyDataGetMSCryptoProvider(xmlSecKeyDataPtr data) { xmlSecMSCryptoKeyDataCtxPtr ctx; @@ -624,14 +622,6 @@ xmlSecMSCryptoKeyDataGetMSCryptoProvider(xmlSecKeyDataPtr data) { return(xmlSecMSCryptoKeyDataCtxGetProvider(ctx)); } -/** - * xmlSecMSCryptoKeyDataGetMSCryptoKeySpec: - * @data: the key data - * - * Gets key spec info. - * - * Returns: the key spec info from key data - */ DWORD xmlSecMSCryptoKeyDataGetMSCryptoKeySpec(xmlSecKeyDataPtr data) { xmlSecMSCryptoKeyDataCtxPtr ctx; @@ -645,7 +635,7 @@ xmlSecMSCryptoKeyDataGetMSCryptoKeySpec(xmlSecKeyDataPtr data) { return(ctx->dwKeySpec); } -static int +static int xmlSecMSCryptoKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { xmlSecMSCryptoKeyDataCtxPtr ctxDst; xmlSecMSCryptoKeyDataCtxPtr ctxSrc; @@ -662,42 +652,43 @@ xmlSecMSCryptoKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { xmlSecAssert2(ctxSrc != NULL, -1); if(xmlSecMSCryptoKeyDataCtxDuplicateProvider(ctxDst, ctxSrc) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "xmlSecMSCryptoKeyDataCtxDuplicateProvider", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), + "xmlSecMSCryptoKeyDataCtxDuplicateProvider", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); } if(xmlSecMSCryptoKeyDataCtxDuplicateKey(ctxDst, ctxSrc) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "xmlSecMSCryptoKeyDataCtxDuplicateKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), + "xmlSecMSCryptoKeyDataCtxDuplicateKey", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); } if(xmlSecMSCryptoKeyDataCtxDuplicateCert(ctxDst, ctxSrc) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "xmlSecMSCryptoKeyDataCtxDuplicateCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - ctxDst->dwKeySpec = ctxSrc->dwKeySpec; - ctxDst->providers = ctxSrc->providers; - ctxDst->type = ctxSrc->type; + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), + "xmlSecMSCryptoKeyDataCtxDuplicateCert", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + + ctxDst->dwKeySpec = ctxSrc->dwKeySpec; + ctxDst->providerName = ctxSrc->providerName; + ctxDst->providerType = ctxSrc->providerType; + ctxDst->type = ctxSrc->type; return(0); } -static void +static void xmlSecMSCryptoKeyDataInitialize(xmlSecKeyDataPtr data) { - xmlSecMSCryptoKeyDataCtxPtr ctx; + xmlSecMSCryptoKeyDataCtxPtr ctx; xmlSecAssert(xmlSecKeyDataIsValid(data)); xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecMSCryptoKeyDataSize)); @@ -712,16 +703,16 @@ xmlSecMSCryptoKeyDataInitialize(xmlSecKeyDataPtr data) { xmlSecMSCryptoKeyDataCtxCreateCert(ctx); } -static void +static void xmlSecMSCryptoKeyDataFinalize(xmlSecKeyDataPtr data) { xmlSecMSCryptoKeyDataCtxPtr ctx; - + xmlSecAssert(xmlSecKeyDataIsValid(data)); xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecMSCryptoKeyDataSize)); ctx = xmlSecMSCryptoKeyDataGetCtx(data); xmlSecAssert(ctx != NULL); - + xmlSecMSCryptoKeyDataCtxDestroyKey(ctx); xmlSecMSCryptoKeyDataCtxDestroyCert(ctx); xmlSecMSCryptoKeyDataCtxDestroyProvider(ctx); @@ -729,7 +720,7 @@ xmlSecMSCryptoKeyDataFinalize(xmlSecKeyDataPtr data) { memset(ctx, 0, sizeof(xmlSecMSCryptoKeyDataCtx)); } -static int +static int xmlSecMSCryptoKeyDataGetSize(xmlSecKeyDataPtr data) { xmlSecMSCryptoKeyDataCtxPtr ctx; @@ -741,30 +732,30 @@ xmlSecMSCryptoKeyDataGetSize(xmlSecKeyDataPtr data) { if(xmlSecMSCryptoKeyDataCtxGetCert(ctx) != NULL) { xmlSecAssert2(xmlSecMSCryptoKeyDataCtxGetCert(ctx)->pCertInfo != NULL, 0); - return (CertGetPublicKeyLength(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, - &(xmlSecMSCryptoKeyDataCtxGetCert(ctx)->pCertInfo->SubjectPublicKeyInfo))); + return (CertGetPublicKeyLength(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + &(xmlSecMSCryptoKeyDataCtxGetCert(ctx)->pCertInfo->SubjectPublicKeyInfo))); } else if (xmlSecMSCryptoKeyDataCtxGetKey(ctx) != 0) { DWORD length = 0; - DWORD lenlen = sizeof(DWORD); - - if (!CryptGetKeyParam(xmlSecMSCryptoKeyDataCtxGetKey(ctx), KP_KEYLEN, (BYTE *)&length, &lenlen, 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CertDuplicateCertificateContext", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(0); - } - return(length); - } - + DWORD lenlen = sizeof(DWORD); + + if (!CryptGetKeyParam(xmlSecMSCryptoKeyDataCtxGetKey(ctx), KP_KEYLEN, (BYTE *)&length, &lenlen, 0)) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "CertDuplicateCertificateContext", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(0); + } + return(length); + } + return (0); } -static xmlSecKeyDataType +static xmlSecKeyDataType xmlSecMSCryptoKeyDataGetType(xmlSecKeyDataPtr data) { xmlSecMSCryptoKeyDataCtxPtr ctx; - + xmlSecAssert2(xmlSecKeyDataIsValid(data), xmlSecKeyDataTypeUnknown); xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecMSCryptoKeyDataSize), xmlSecKeyDataTypeUnknown); @@ -772,7 +763,7 @@ xmlSecMSCryptoKeyDataGetType(xmlSecKeyDataPtr data) { xmlSecAssert2(ctx != NULL, xmlSecKeyDataTypeUnknown); /* We could make a call to CryptFindCertificateKeyProvInfo here, to find out if - * we *really* have a private key or not. However if the certificate is not + * we *really* have a private key or not. However if the certificate is not * linked to a private key, the call takes an ridiculous amount of time. * the way it is now is better I think. WK. */ @@ -781,11 +772,11 @@ xmlSecMSCryptoKeyDataGetType(xmlSecKeyDataPtr data) { /** * xmlSecMSCryptoCertDup: - * @pCert: the pointer to cert. - * + * @pCert: the pointer to cert. + * * Duplicates the @pCert. * - * Returns: pointer to newly created PCCERT_CONTEXT object or + * Returns: pointer to newly created PCCERT_CONTEXT object or * NULL if an error occurs. */ PCCERT_CONTEXT xmlSecMSCryptoCertDup(PCCERT_CONTEXT pCert) { @@ -795,100 +786,100 @@ PCCERT_CONTEXT xmlSecMSCryptoCertDup(PCCERT_CONTEXT pCert) { ret = CertDuplicateCertificateContext(pCert); if(ret == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CertDuplicateCertificateContext", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(NULL); - } - + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "CertDuplicateCertificateContext", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(NULL); + } + return(ret); } /** * xmlSecMSCryptoCertAdopt: - * @pCert: the pointer to cert. - * @type: the expected key type. + * @pCert: the pointer to cert. + * @type: the expected key type. * * Creates key data value from the cert. * * Returns: pointer to newly created xmlsec key or NULL if an error occurs. */ -xmlSecKeyDataPtr +xmlSecKeyDataPtr xmlSecMSCryptoCertAdopt(PCCERT_CONTEXT pCert, xmlSecKeyDataType type) { xmlSecKeyDataPtr data = NULL; int ret; - + xmlSecAssert2(pCert != NULL, NULL); xmlSecAssert2(pCert->pCertInfo != NULL, NULL); xmlSecAssert2(pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId != NULL, NULL); #ifndef XMLSEC_NO_RSA if (!strcmp(pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId, szOID_RSA_RSA)) { - data = xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataRsaId); - if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecMSCryptoDataRsaId"); - return(NULL); - } - } -#endif /* XMLSEC_NO_RSA */ + data = xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataRsaId); + if(data == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecKeyDataCreate", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "xmlSecMSCryptoDataRsaId"); + return(NULL); + } + } +#endif /* XMLSEC_NO_RSA */ #ifndef XMLSEC_NO_DSA if (!strcmp(pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId, szOID_X957_DSA /*szOID_DSALG_SIGN*/)) { - data = xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataDsaId); - if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecMSCryptoKeyDataDsaId"); - return(NULL); - } - } -#endif /* XMLSEC_NO_DSA */ + data = xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataDsaId); + if(data == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecKeyDataCreate", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "xmlSecMSCryptoKeyDataDsaId"); + return(NULL); + } + } +#endif /* XMLSEC_NO_DSA */ #ifndef XMLSEC_NO_GOST if (!strcmp(pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId, szOID_MAGPRO_PUBKEY_SIGN_R3410_2001_CP) || !strcmp(pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId, szOID_MAGPRO_PUBKEY_SIGN_R3410_2001) || - !strcmp(pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId, szOID_MAGPRO_PUBKEY_SIGN_R3410_94_CP)) { - data = xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataGost2001Id); - if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecMSCryptoKeyDataGost2001Id"); - return(NULL); - } - } -#endif /* XMLSEC_NO_GOST*/ + !strcmp(pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId, szOID_MAGPRO_PUBKEY_SIGN_R3410_94_CP)) { + data = xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataGost2001Id); + if(data == NULL) { + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecKeyDataCreate", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "xmlSecMSCryptoKeyDataGost2001Id"); + return(NULL); + } + } +#endif /* XMLSEC_NO_GOST*/ if (NULL == data) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_TYPE, - "PCCERT_CONTEXT key type %s not supported", pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId); - return(NULL); + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + NULL, + XMLSEC_ERRORS_R_INVALID_TYPE, + "PCCERT_CONTEXT key type %s not supported", pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId); + return(NULL); } - xmlSecAssert2(data != NULL, NULL); + xmlSecAssert2(data != NULL, NULL); ret = xmlSecMSCryptoKeyDataAdoptCert(data, pCert, type); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoPCCDataAdoptPCC", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - xmlSecKeyDataDestroy(data); - return(NULL); + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecMSCryptoPCCDataAdoptPCC", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + xmlSecKeyDataDestroy(data); + return(NULL); } return(data); } @@ -907,54 +898,54 @@ xmlSecMSCryptoCertAdopt(PCCERT_CONTEXT pCert, xmlSecKeyDataType type) { * <RSAKeyValue> * <Modulus>xA7SEU+e0yQH5rm9kbCDN9o3aPIo7HbP7tX6WOocLZAtNfyxSZDU16ksL6W * jubafOqNEpcwR3RdFsT7bCqnXPBe5ELh5u4VEy19MzxkXRgrMvavzyBpVRgBUwUlV - * 5foK5hhmbktQhyNdy/6LpQRhDUDsTvK+g9Ucj47es9AQJ3U= + * 5foK5hhmbktQhyNdy/6LpQRhDUDsTvK+g9Ucj47es9AQJ3U= * </Modulus> * <Exponent>AQAB</Exponent> * </RSAKeyValue> * - * Arbitrary-length integers (e.g. "bignums" such as RSA moduli) are + * Arbitrary-length integers (e.g. "bignums" such as RSA moduli) are * represented in XML as octet strings as defined by the ds:CryptoBinary type. * * Schema Definition: - * + * * <element name="RSAKeyValue" type="ds:RSAKeyValueType"/> * <complexType name="RSAKeyValueType"> * <sequence> - * <element name="Modulus" type="ds:CryptoBinary"/> + * <element name="Modulus" type="ds:CryptoBinary"/> * <element name="Exponent" type="ds:CryptoBinary"/> * </sequence> * </complexType> * * DTD Definition: - * - * <!ELEMENT RSAKeyValue (Modulus, Exponent) > + * + * <!ELEMENT RSAKeyValue (Modulus, Exponent) > * <!ELEMENT Modulus (#PCDATA) > * <!ELEMENT Exponent (#PCDATA) > * * ============================================================================ - * + * * *************************************************************************/ static int xmlSecMSCryptoKeyDataRsaInitialize(xmlSecKeyDataPtr data); static int xmlSecMSCryptoKeyDataRsaDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src); -static void xmlSecMSCryptoKeyDataRsaFinalize(xmlSecKeyDataPtr data); +static void xmlSecMSCryptoKeyDataRsaFinalize(xmlSecKeyDataPtr data); static int xmlSecMSCryptoKeyDataRsaXmlRead(xmlSecKeyDataId id, - xmlSecKeyPtr key, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); + xmlSecKeyPtr key, + xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx); static int xmlSecMSCryptoKeyDataRsaXmlWrite(xmlSecKeyDataId id, - xmlSecKeyPtr key, - xmlNodePtr node, + xmlSecKeyPtr key, + xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx); static int xmlSecMSCryptoKeyDataRsaGenerate(xmlSecKeyDataPtr data, - xmlSecSize sizeBits, - xmlSecKeyDataType type); + xmlSecSize sizeBits, + xmlSecKeyDataType type); static xmlSecKeyDataType xmlSecMSCryptoKeyDataRsaGetType(xmlSecKeyDataPtr data); static xmlSecSize xmlSecMSCryptoKeyDataRsaGetSize(xmlSecKeyDataPtr data); -static void xmlSecMSCryptoKeyDataRsaDebugDump(xmlSecKeyDataPtr data, FILE* output); -static void xmlSecMSCryptoKeyDataRsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output); +static void xmlSecMSCryptoKeyDataRsaDebugDump(xmlSecKeyDataPtr data, FILE* output); +static void xmlSecMSCryptoKeyDataRsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output); static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataRsaKlass = { sizeof(xmlSecKeyDataKlass), @@ -962,68 +953,54 @@ static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataRsaKlass = { /* data */ xmlSecNameRSAKeyValue, - xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, - /* xmlSecKeyDataUsage usage; */ - xmlSecHrefRSAKeyValue, /* const xmlChar* href; */ - xmlSecNodeRSAKeyValue, /* const xmlChar* dataNodeName; */ - xmlSecDSigNs, /* const xmlChar* dataNodeNs; */ - + xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, + /* xmlSecKeyDataUsage usage; */ + xmlSecHrefRSAKeyValue, /* const xmlChar* href; */ + xmlSecNodeRSAKeyValue, /* const xmlChar* dataNodeName; */ + xmlSecDSigNs, /* const xmlChar* dataNodeNs; */ + /* constructors/destructor */ - xmlSecMSCryptoKeyDataRsaInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ - xmlSecMSCryptoKeyDataRsaDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ - xmlSecMSCryptoKeyDataRsaFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ - xmlSecMSCryptoKeyDataRsaGenerate, /* xmlSecKeyDataGenerateMethod generate; */ - + xmlSecMSCryptoKeyDataRsaInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ + xmlSecMSCryptoKeyDataRsaDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ + xmlSecMSCryptoKeyDataRsaFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ + xmlSecMSCryptoKeyDataRsaGenerate, /* xmlSecKeyDataGenerateMethod generate; */ + /* get info */ - xmlSecMSCryptoKeyDataRsaGetType, /* xmlSecKeyDataGetTypeMethod getType; */ - xmlSecMSCryptoKeyDataRsaGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ - NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ + xmlSecMSCryptoKeyDataRsaGetType, /* xmlSecKeyDataGetTypeMethod getType; */ + xmlSecMSCryptoKeyDataRsaGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ + NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ /* read/write */ - xmlSecMSCryptoKeyDataRsaXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */ - xmlSecMSCryptoKeyDataRsaXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ - NULL, /* xmlSecKeyDataBinReadMethod binRead; */ - NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */ + xmlSecMSCryptoKeyDataRsaXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */ + xmlSecMSCryptoKeyDataRsaXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ + NULL, /* xmlSecKeyDataBinReadMethod binRead; */ + NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */ /* debug */ - xmlSecMSCryptoKeyDataRsaDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ - xmlSecMSCryptoKeyDataRsaDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ + xmlSecMSCryptoKeyDataRsaDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ + xmlSecMSCryptoKeyDataRsaDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ /* reserved for the future */ - NULL, /* void* reserved0; */ - NULL, /* void* reserved1; */ + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ }; -/* Ordered list of providers to search for algorithm implementation using - * xmlSecMSCryptoFindProvider() function - * - * MUST END with { NULL, 0 } !!! - */ -static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Rsa[] = { - { XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV, PROV_RSA_AES}, - { XMLSEC_CRYPTO_MS_ENH_RSA_AES_PROV_PROTOTYPE, PROV_RSA_AES }, - { MS_STRONG_PROV, PROV_RSA_FULL }, - { MS_ENHANCED_PROV, PROV_RSA_FULL }, - { MS_DEF_PROV, PROV_RSA_FULL }, - { NULL, 0 } -}; - -/** +/** * xmlSecMSCryptoKeyDataRsaGetKlass: * * The MSCrypto RSA CertKey data klass. * * Returns: pointer to MSCrypto RSA key data klass. */ -xmlSecKeyDataId +xmlSecKeyDataId xmlSecMSCryptoKeyDataRsaGetKlass(void) { return(&xmlSecMSCryptoKeyDataRsaKlass); } -static int +static int xmlSecMSCryptoKeyDataRsaInitialize(xmlSecKeyDataPtr data) { xmlSecMSCryptoKeyDataCtxPtr ctx; - + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataRsaId), xmlSecKeyDataTypeUnknown); xmlSecMSCryptoKeyDataInitialize(data); @@ -1031,11 +1008,13 @@ xmlSecMSCryptoKeyDataRsaInitialize(xmlSecKeyDataPtr data) { ctx = xmlSecMSCryptoKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); - ctx->providers = xmlSecMSCryptoProviderInfo_Rsa; + ctx->providerName = MS_ENHANCED_PROV; + ctx->providerType = PROV_RSA_FULL; + return(0); } -static int +static int xmlSecMSCryptoKeyDataRsaDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { xmlSecAssert2(xmlSecKeyDataCheckId(dst, xmlSecMSCryptoKeyDataRsaId), -1); xmlSecAssert2(xmlSecKeyDataCheckId(src, xmlSecMSCryptoKeyDataRsaId), -1); @@ -1043,16 +1022,16 @@ xmlSecMSCryptoKeyDataRsaDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { return(xmlSecMSCryptoKeyDataDuplicate(dst, src)); } -static void +static void xmlSecMSCryptoKeyDataRsaFinalize(xmlSecKeyDataPtr data) { xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataRsaId)); xmlSecMSCryptoKeyDataFinalize(data); } -static int +static int xmlSecMSCryptoKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, - xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecBn modulus, exponent; xmlSecBuffer blob; unsigned int blobBufferLen; @@ -1070,48 +1049,48 @@ xmlSecMSCryptoKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlSecAssert2(key != NULL, -1); xmlSecAssert2(node != NULL, -1); xmlSecAssert2(keyInfoCtx != NULL, -1); - + if(xmlSecKeyGetValue(key) != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - NULL, - XMLSEC_ERRORS_R_INVALID_KEY_DATA, - "key already has a value"); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + NULL, + XMLSEC_ERRORS_R_INVALID_KEY_DATA, + "key already has a value"); + return(-1); } /* initialize buffers */ ret = xmlSecBnInitialize(&modulus, 0); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecBnInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "modulus"); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecBnInitialize", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "modulus"); + return(-1); } ret = xmlSecBnInitialize(&exponent, 0); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecBnInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "exponent"); - xmlSecBnFinalize(&modulus); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecBnInitialize", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "exponent"); + xmlSecBnFinalize(&modulus); + return(-1); } ret = xmlSecBufferInitialize(&blob, 0); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecBufferInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "blob"); - xmlSecBnFinalize(&modulus); - xmlSecBnFinalize(&exponent); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecBufferInitialize", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "blob"); + xmlSecBnFinalize(&modulus); + xmlSecBnFinalize(&exponent); + return(-1); } /* read xml */ @@ -1119,96 +1098,96 @@ xmlSecMSCryptoKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, /* first is Modulus node. It is REQUIRED because we do not support Seed and PgenCounter*/ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeRSAModulus, xmlSecDSigNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAModulus)); - goto done; + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), + XMLSEC_ERRORS_R_INVALID_NODE, + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeRSAModulus)); + goto done; } ret = xmlSecBnGetNodeValue(&modulus, cur, xmlSecBnBase64, 1); if((ret < 0) || (xmlSecBnGetSize(&modulus) == 0)){ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBnGetNodeValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAModulus)); - goto done; + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecBnGetNodeValue", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeRSAModulus)); + goto done; } cur = xmlSecGetNextElementNode(cur->next); - + /* next is Exponent node. It is REQUIRED because we do not support Seed and PgenCounter*/ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeRSAExponent, xmlSecDSigNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAExponent)); - goto done; + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), + XMLSEC_ERRORS_R_INVALID_NODE, + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeRSAExponent)); + goto done; } ret = xmlSecBnGetNodeValue(&exponent, cur, xmlSecBnBase64, 1); if((ret < 0) || (xmlSecBnGetSize(&exponent) == 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBnGetNodeValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAExponent)); - goto done; + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecBnGetNodeValue", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeRSAExponent)); + goto done; } cur = xmlSecGetNextElementNode(cur->next); - + if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeRSAPrivateExponent, xmlSecNs))) { /* next is X node. It is REQUIRED for private key but - * MSCrypto does not support it. We just ignore it */ - cur = xmlSecGetNextElementNode(cur->next); + * MSCrypto does not support it. We just ignore it */ + cur = xmlSecGetNextElementNode(cur->next); } if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "no nodes expected"); - goto done; + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), + XMLSEC_ERRORS_R_INVALID_NODE, + "no nodes expected"); + goto done; } /* Now try to create the key */ blobBufferLen = sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY) + xmlSecBnGetSize(&modulus); ret = xmlSecBufferSetSize(&blob, blobBufferLen); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", blobBufferLen); - goto done; + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecBufferSetSize", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "size=%d", blobBufferLen); + goto done; } /* Set the PUBLICKEYSTRUC */ pubKeyStruc = (PUBLICKEYSTRUC *)xmlSecBufferGetData(&blob); - pubKeyStruc->bType = PUBLICKEYBLOB; + pubKeyStruc->bType = PUBLICKEYBLOB; pubKeyStruc->bVersion = 0x02; pubKeyStruc->reserved = 0; pubKeyStruc->aiKeyAlg = CALG_RSA_KEYX | CALG_RSA_SIGN; /* Set the public key header */ pubKey = (RSAPUBKEY*) (xmlSecBufferGetData(&blob) + sizeof(PUBLICKEYSTRUC)); - pubKey->magic = 0x31415352; /* == RSA1 public */ - pubKey->bitlen = xmlSecBnGetSize(&modulus) * 8; /* Number of bits in prime modulus */ - pubKey->pubexp = 0; + pubKey->magic = 0x31415352; /* == RSA1 public */ + pubKey->bitlen = xmlSecBnGetSize(&modulus) * 8; /* Number of bits in prime modulus */ + pubKey->pubexp = 0; if(sizeof(pubKey->pubexp) < xmlSecBnGetSize(&exponent)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "exponent size=%d", - xmlSecBnGetSize(&exponent)); - goto done; + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + NULL, + XMLSEC_ERRORS_R_CRYPTO_FAILED, + "exponent size=%d", + xmlSecBnGetSize(&exponent)); + goto done; } xmlSecAssert2(xmlSecBnGetData(&exponent) != NULL, -1); memcpy(&(pubKey->pubexp), xmlSecBnGetData(&exponent), xmlSecBnGetSize(&exponent)); @@ -1218,56 +1197,66 @@ xmlSecMSCryptoKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, memcpy(modulusBlob, xmlSecBnGetData(&modulus), xmlSecBnGetSize(&modulus)); /* Now that we have the blob, import */ - hProv = xmlSecMSCryptoFindProvider(xmlSecMSCryptoProviderInfo_Rsa, NULL, CRYPT_VERIFYCONTEXT, TRUE); - if(hProv == 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecMSCryptoFindProvider", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto done; + if (!CryptAcquireContext(&hProv, NULL, MS_ENHANCED_PROV, PROV_RSA_FULL, 0)) { + if(NTE_BAD_KEYSET == GetLastError()) { + if(!CryptAcquireContext(&hProv, NULL, MS_ENHANCED_PROV, PROV_RSA_FULL, CRYPT_NEWKEYSET)) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "CryptAcquireContext", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + goto done; + } + } else { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "CryptAcquireContext", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + goto done; + } } if (!CryptImportKey(hProv, xmlSecBufferGetData(&blob), xmlSecBufferGetSize(&blob), 0, 0, &hKey)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "CryptImportKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto done; + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "CryptImportKey", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + goto done; } data = xmlSecKeyDataCreate(id); if(data == NULL ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto done; + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecKeyDataCreate", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + goto done; } ret = xmlSecMSCryptoKeyDataAdoptKey(data, hProv, TRUE, hKey, 0, xmlSecKeyDataTypePublic); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecMSCryptoKeyDataAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto done; + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecMSCryptoKeyDataAdoptKey", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + goto done; } hProv = 0; hKey = 0; ret = xmlSecKeySetValue(key, data); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeySetValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - xmlSecKeyDataDestroy(data); - goto done; + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecKeySetValue", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + xmlSecKeyDataDestroy(data); + goto done; } data = NULL; @@ -1276,7 +1265,7 @@ xmlSecMSCryptoKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, done: if (hProv == 0) { - CryptReleaseContext(hProv, 0); + CryptReleaseContext(hProv, 0); } if (hKey != 0) { CryptDestroyKey(hKey); @@ -1291,9 +1280,9 @@ done: return(res); } -static int +static int xmlSecMSCryptoKeyDataRsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, - xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecMSCryptoKeyDataCtxPtr ctx; xmlSecBuffer buf; DWORD dwBlobLen; @@ -1303,7 +1292,7 @@ xmlSecMSCryptoKeyDataRsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlSecSize modulusLen, exponentLen; xmlNodePtr cur; int ret; - + xmlSecAssert2(id == xmlSecMSCryptoKeyDataRsaId, -1); xmlSecAssert2(key != NULL, -1); xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecMSCryptoKeyDataRsaId), -1); @@ -1315,144 +1304,144 @@ xmlSecMSCryptoKeyDataRsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlSecAssert2(xmlSecMSCryptoKeyDataCtxGetKey(ctx) != 0, -1); if (!CryptExportKey(xmlSecMSCryptoKeyDataCtxGetKey(ctx), 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "CryptExportKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "CryptExportKey", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + ret = xmlSecBufferInitialize(&buf, dwBlobLen); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecBufferInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%ld", dwBlobLen); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecBufferInitialize", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "size=%ld", dwBlobLen); + return(-1); } blob = xmlSecBufferGetData(&buf); if (!CryptExportKey(xmlSecMSCryptoKeyDataCtxGetKey(ctx), 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "CryptExportKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - xmlSecBufferFinalize(&buf); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "CryptExportKey", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + xmlSecBufferFinalize(&buf); + return(-1); } if (dwBlobLen < sizeof(PUBLICKEYSTRUC)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "blobLen=%ld", dwBlobLen); - xmlSecBufferFinalize(&buf); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + NULL, + XMLSEC_ERRORS_R_INVALID_DATA, + "blobLen=%ld", dwBlobLen); + xmlSecBufferFinalize(&buf); + return(-1); } /* check PUBLICKEYSTRUC */ pubKeyStruc = (PUBLICKEYSTRUC*)blob; if(pubKeyStruc->bVersion != 0x02) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptExportKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "pubKeyStruc->bVersion=%d", pubKeyStruc->bVersion); - xmlSecBufferFinalize(&buf); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "CryptExportKey", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + "pubKeyStruc->bVersion=%d", pubKeyStruc->bVersion); + xmlSecBufferFinalize(&buf); + return(-1); } if(pubKeyStruc->bType != PUBLICKEYBLOB) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptExportKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "pubKeyStruc->bType=%d", (int)pubKeyStruc->bType); - xmlSecBufferFinalize(&buf); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "CryptExportKey", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + "pubKeyStruc->bType=%d", (int)pubKeyStruc->bType); + xmlSecBufferFinalize(&buf); + return(-1); } /* check RSAPUBKEY */ - pubKey = (RSAPUBKEY *)(blob + sizeof(PUBLICKEYSTRUC)); + pubKey = (RSAPUBKEY *)(blob + sizeof(PUBLICKEYSTRUC)); if(pubKey->magic != 0x31415352) { /* RSA public key magic */ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptExportKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "pubKey->magic=0x%08lx", pubKey->magic); - xmlSecBufferFinalize(&buf); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "CryptExportKey", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + "pubKey->magic=0x%08lx", pubKey->magic); + xmlSecBufferFinalize(&buf); + return(-1); } - modulusLen = pubKey->bitlen / 8; + modulusLen = pubKey->bitlen / 8; if (dwBlobLen < sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY) + modulusLen) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "blobLen=%ld; modulusLen=%d", dwBlobLen, modulusLen); - xmlSecBufferFinalize(&buf); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + NULL, + XMLSEC_ERRORS_R_INVALID_DATA, + "blobLen=%ld; modulusLen=%d", dwBlobLen, modulusLen); + xmlSecBufferFinalize(&buf); + return(-1); } - blob += sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY); + blob += sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY); /* first is Modulus node */ cur = xmlSecAddChild(node, xmlSecNodeRSAModulus, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAModulus)); - xmlSecBufferFinalize(&buf); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecAddChild", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeRSAModulus)); + xmlSecBufferFinalize(&buf); + return(-1); } ret = xmlSecBnBlobSetNodeValue(blob, modulusLen, cur, xmlSecBnBase64, 1, 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecBnBlobSetNodeValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAModulus)); - xmlSecBufferFinalize(&buf); - return(-1); - } + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecBnBlobSetNodeValue", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeRSAModulus)); + xmlSecBufferFinalize(&buf); + return(-1); + } /* next is Exponent node. */ cur = xmlSecAddChild(node, xmlSecNodeRSAExponent, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAExponent)); - xmlSecBufferFinalize(&buf); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecAddChild", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeRSAExponent)); + xmlSecBufferFinalize(&buf); + return(-1); } /* Remove leading zero's (from least significant end) */ - blob = (xmlSecByte*)(&(pubKey->pubexp)); + blob = (xmlSecByte*)(&(pubKey->pubexp)); exponentLen = sizeof(pubKey->pubexp); while (exponentLen > 0 && blob[exponentLen - 1] == 0) { - exponentLen--; + exponentLen--; } ret = xmlSecBnBlobSetNodeValue(blob, exponentLen, cur, xmlSecBnBase64, 1, 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecBnBlobSetNodeValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAExponent)); - xmlSecBufferFinalize(&buf); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecBnBlobSetNodeValue", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeRSAExponent)); + xmlSecBufferFinalize(&buf); + return(-1); } /* next is PrivateExponent node: not supported in MSCrypto */ @@ -1461,9 +1450,9 @@ xmlSecMSCryptoKeyDataRsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, return(0); } -static int -xmlSecMSCryptoKeyDataRsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, - xmlSecKeyDataType type ATTRIBUTE_UNUSED) { +static int +xmlSecMSCryptoKeyDataRsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, + xmlSecKeyDataType type ATTRIBUTE_UNUSED) { xmlSecMSCryptoKeyDataCtxPtr ctx; HCRYPTPROV hProv = 0; HCRYPTKEY hKey = 0; @@ -1480,37 +1469,48 @@ xmlSecMSCryptoKeyDataRsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, ctx = xmlSecMSCryptoKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); - /* get provider */ - hProv = xmlSecMSCryptoFindProvider(ctx->providers, NULL, CRYPT_VERIFYCONTEXT, TRUE); - if(hProv == 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecMSCryptoFindProvider", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto done; + if (!CryptAcquireContext(&hProv, XMLSEC_CONTAINER_NAME, MS_STRONG_PROV, PROV_RSA_FULL, 0)) { + if (NTE_BAD_KEYSET == GetLastError()) { + if(!CryptAcquireContext(&hProv, XMLSEC_CONTAINER_NAME, MS_STRONG_PROV, PROV_RSA_FULL, CRYPT_NEWKEYSET)) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "CryptAcquireContext", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + + return(-1); + } + } else { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "CryptAcquireContext", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + + return(-1); + } } dwKeySpec = AT_KEYEXCHANGE | AT_SIGNATURE; dwSize = ((sizeBits << 16) | CRYPT_EXPORTABLE); if (!CryptGenKey(hProv, CALG_RSA_SIGN, dwSize, &hKey)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "CryptGenKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto done; + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "CryptGenKey", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + goto done; } - ret = xmlSecMSCryptoKeyDataAdoptKey(data, hProv, TRUE, hKey, dwKeySpec, - xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate); + ret = xmlSecMSCryptoKeyDataAdoptKey(data, hProv, TRUE, hKey, dwKeySpec, + xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecMSCryptoKeyDataAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto done; + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "xmlSecMSCryptoKeyDataAdoptKey", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + goto done; } hProv = 0; hKey = 0; @@ -1520,48 +1520,48 @@ xmlSecMSCryptoKeyDataRsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, done: if (hProv != 0) { - CryptReleaseContext(hProv, 0); + CryptReleaseContext(hProv, 0); } if (hKey != 0) { - CryptDestroyKey(hKey); + CryptDestroyKey(hKey); } return(res); } -static xmlSecKeyDataType +static xmlSecKeyDataType xmlSecMSCryptoKeyDataRsaGetType(xmlSecKeyDataPtr data) { return(xmlSecMSCryptoKeyDataGetType(data)); } -static xmlSecSize +static xmlSecSize xmlSecMSCryptoKeyDataRsaGetSize(xmlSecKeyDataPtr data) { xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataRsaId), 0); return (xmlSecMSCryptoKeyDataGetSize(data)); } -static void +static void xmlSecMSCryptoKeyDataRsaDebugDump(xmlSecKeyDataPtr data, FILE* output) { xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataRsaId)); xmlSecAssert(output != NULL); - - fprintf(output, "=== rsa key: size = %d\n", - xmlSecMSCryptoKeyDataRsaGetSize(data)); + + fprintf(output, "=== rsa key: size = %d\n", + xmlSecMSCryptoKeyDataRsaGetSize(data)); } static void xmlSecMSCryptoKeyDataRsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataRsaId)); xmlSecAssert(output != NULL); - - fprintf(output, "<RSAKeyValue size=\"%d\" />\n", - xmlSecMSCryptoKeyDataRsaGetSize(data)); + + fprintf(output, "<RSAKeyValue size=\"%d\" />\n", + xmlSecMSCryptoKeyDataRsaGetSize(data)); } - + #endif /* XMLSEC_NO_RSA */ -#ifndef XMLSEC_NO_DSA +#ifndef XMLSEC_NO_DSA /************************************************************************** * * <dsig:DSAKeyValue> processing @@ -1569,57 +1569,57 @@ static void xmlSecMSCryptoKeyDataRsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* ou * * The DSAKeyValue Element (http://www.w3.org/TR/xmldsig-core/#sec-DSAKeyValue) * - * DSA keys and the DSA signature algorithm are specified in [DSS]. + * DSA keys and the DSA signature algorithm are specified in [DSS]. * DSA public key values can have the following fields: - * - * * P - a prime modulus meeting the [DSS] requirements - * * Q - an integer in the range 2**159 < Q < 2**160 which is a prime - * divisor of P-1 - * * G - an integer with certain properties with respect to P and Q - * * Y - G**X mod P (where X is part of the private key and not made - * public) - * * J - (P - 1) / Q - * * seed - a DSA prime generation seed + * + * * P - a prime modulus meeting the [DSS] requirements + * * Q - an integer in the range 2**159 < Q < 2**160 which is a prime + * divisor of P-1 + * * G - an integer with certain properties with respect to P and Q + * * Y - G**X mod P (where X is part of the private key and not made + * public) + * * J - (P - 1) / Q + * * seed - a DSA prime generation seed * * pgenCounter - a DSA prime generation counter * - * Parameter J is available for inclusion solely for efficiency as it is - * calculatable from P and Q. Parameters seed and pgenCounter are used in the - * DSA prime number generation algorithm specified in [DSS]. As such, they are - * optional but must either both be present or both be absent. This prime - * generation algorithm is designed to provide assurance that a weak prime is - * not being used and it yields a P and Q value. Parameters P, Q, and G can be - * public and common to a group of users. They might be known from application - * context. As such, they are optional but P and Q must either both appear or - * both be absent. If all of P, Q, seed, and pgenCounter are present, - * implementations are not required to check if they are consistent and are - * free to use either P and Q or seed and pgenCounter. All parameters are + * Parameter J is available for inclusion solely for efficiency as it is + * calculatable from P and Q. Parameters seed and pgenCounter are used in the + * DSA prime number generation algorithm specified in [DSS]. As such, they are + * optional but must either both be present or both be absent. This prime + * generation algorithm is designed to provide assurance that a weak prime is + * not being used and it yields a P and Q value. Parameters P, Q, and G can be + * public and common to a group of users. They might be known from application + * context. As such, they are optional but P and Q must either both appear or + * both be absent. If all of P, Q, seed, and pgenCounter are present, + * implementations are not required to check if they are consistent and are + * free to use either P and Q or seed and pgenCounter. All parameters are * encoded as base64 [MIME] values. - * - * Arbitrary-length integers (e.g. "bignums" such as RSA moduli) are + * + * Arbitrary-length integers (e.g. "bignums" such as RSA moduli) are * represented in XML as octet strings as defined by the ds:CryptoBinary type. - * + * * Schema Definition: - * - * <element name="DSAKeyValue" type="ds:DSAKeyValueType"/> - * <complexType name="DSAKeyValueType"> + * + * <element name="DSAKeyValue" type="ds:DSAKeyValueType"/> + * <complexType name="DSAKeyValueType"> * <sequence> * <sequence minOccurs="0"> - * <element name="P" type="ds:CryptoBinary"/> + * <element name="P" type="ds:CryptoBinary"/> * <element name="Q" type="ds:CryptoBinary"/> * </sequence> - * <element name="G" type="ds:CryptoBinary" minOccurs="0"/> - * <element name="Y" type="ds:CryptoBinary"/> + * <element name="G" type="ds:CryptoBinary" minOccurs="0"/> + * <element name="Y" type="ds:CryptoBinary"/> * <element name="J" type="ds:CryptoBinary" minOccurs="0"/> * <sequence minOccurs="0"> - * <element name="Seed" type="ds:CryptoBinary"/> - * <element name="PgenCounter" type="ds:CryptoBinary"/> + * <element name="Seed" type="ds:CryptoBinary"/> + * <element name="PgenCounter" type="ds:CryptoBinary"/> * </sequence> * </sequence> * </complexType> - * + * * DTD Definition: - * - * <!ELEMENT DSAKeyValue ((P, Q)?, G?, Y, J?, (Seed, PgenCounter)?) > + * + * <!ELEMENT DSAKeyValue ((P, Q)?, G?, Y, J?, (Seed, PgenCounter)?) > * <!ELEMENT P (#PCDATA) > * <!ELEMENT Q (#PCDATA) > * <!ELEMENT G (#PCDATA) > @@ -1629,34 +1629,34 @@ static void xmlSecMSCryptoKeyDataRsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* ou * <!ELEMENT PgenCounter (#PCDATA) > * * ============================================================================ - * + * * To support reading/writing private keys an X element added (before Y). * todo: The current implementation does not support Seed and PgenCounter! * by this the P, Q and G are *required*! * *************************************************************************/ -static int xmlSecMSCryptoKeyDataDsaInitialize(xmlSecKeyDataPtr data); -static int xmlSecMSCryptoKeyDataDsaDuplicate(xmlSecKeyDataPtr dst, - xmlSecKeyDataPtr src); -static void xmlSecMSCryptoKeyDataDsaFinalize(xmlSecKeyDataPtr data); -static int xmlSecMSCryptoKeyDataDsaXmlRead (xmlSecKeyDataId id, - xmlSecKeyPtr key, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); -static int xmlSecMSCryptoKeyDataDsaXmlWrite(xmlSecKeyDataId id, - xmlSecKeyPtr key, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); -static int xmlSecMSCryptoKeyDataDsaGenerate(xmlSecKeyDataPtr data, - xmlSecSize sizeBits, - xmlSecKeyDataType type); +static int xmlSecMSCryptoKeyDataDsaInitialize(xmlSecKeyDataPtr data); +static int xmlSecMSCryptoKeyDataDsaDuplicate(xmlSecKeyDataPtr dst, + xmlSecKeyDataPtr src); +static void xmlSecMSCryptoKeyDataDsaFinalize(xmlSecKeyDataPtr data); +static int xmlSecMSCryptoKeyDataDsaXmlRead (xmlSecKeyDataId id, + xmlSecKeyPtr key, + xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx); +static int xmlSecMSCryptoKeyDataDsaXmlWrite(xmlSecKeyDataId id, + xmlSecKeyPtr key, + xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx); +static int xmlSecMSCryptoKeyDataDsaGenerate(xmlSecKeyDataPtr data, + xmlSecSize sizeBits, + xmlSecKeyDataType type); static xmlSecKeyDataType xmlSecMSCryptoKeyDataDsaGetType(xmlSecKeyDataPtr data); -static xmlSecSize xmlSecMSCryptoKeyDataDsaGetSize(xmlSecKeyDataPtr data); -static void xmlSecMSCryptoKeyDataDsaDebugDump(xmlSecKeyDataPtr data, - FILE* output); -static void xmlSecMSCryptoKeyDataDsaDebugXmlDump(xmlSecKeyDataPtr data, - FILE* output); +static xmlSecSize xmlSecMSCryptoKeyDataDsaGetSize(xmlSecKeyDataPtr data); +static void xmlSecMSCryptoKeyDataDsaDebugDump(xmlSecKeyDataPtr data, + FILE* output); +static void xmlSecMSCryptoKeyDataDsaDebugXmlDump(xmlSecKeyDataPtr data, + FILE* output); static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataDsaKlass = { sizeof(xmlSecKeyDataKlass), @@ -1664,57 +1664,46 @@ static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataDsaKlass = { /* data */ xmlSecNameDSAKeyValue, - xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, - /* xmlSecKeyDataUsage usage; */ - xmlSecHrefDSAKeyValue, /* const xmlChar* href; */ - xmlSecNodeDSAKeyValue, /* const xmlChar* dataNodeName; */ - xmlSecDSigNs, /* const xmlChar* dataNodeNs; */ - + xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, + /* xmlSecKeyDataUsage usage; */ + xmlSecHrefDSAKeyValue, /* const xmlChar* href; */ + xmlSecNodeDSAKeyValue, /* const xmlChar* dataNodeName; */ + xmlSecDSigNs, /* const xmlChar* dataNodeNs; */ + /* constructors/destructor */ - xmlSecMSCryptoKeyDataDsaInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ - xmlSecMSCryptoKeyDataDsaDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ - xmlSecMSCryptoKeyDataDsaFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ - xmlSecMSCryptoKeyDataDsaGenerate, /* xmlSecKeyDataGenerateMethod generate; */ - + xmlSecMSCryptoKeyDataDsaInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ + xmlSecMSCryptoKeyDataDsaDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ + xmlSecMSCryptoKeyDataDsaFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ + xmlSecMSCryptoKeyDataDsaGenerate, /* xmlSecKeyDataGenerateMethod generate; */ + /* get info */ - xmlSecMSCryptoKeyDataDsaGetType, /* xmlSecKeyDataGetTypeMethod getType; */ - xmlSecMSCryptoKeyDataDsaGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ - NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ + xmlSecMSCryptoKeyDataDsaGetType, /* xmlSecKeyDataGetTypeMethod getType; */ + xmlSecMSCryptoKeyDataDsaGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ + NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ /* read/write */ - xmlSecMSCryptoKeyDataDsaXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */ - xmlSecMSCryptoKeyDataDsaXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ - NULL, /* xmlSecKeyDataBinReadMethod binRead; */ - NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */ + xmlSecMSCryptoKeyDataDsaXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */ + xmlSecMSCryptoKeyDataDsaXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ + NULL, /* xmlSecKeyDataBinReadMethod binRead; */ + NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */ /* debug */ - xmlSecMSCryptoKeyDataDsaDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ + xmlSecMSCryptoKeyDataDsaDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ xmlSecMSCryptoKeyDataDsaDebugXmlDump,/* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ /* reserved for the future */ - NULL, /* void* reserved0; */ - NULL, /* void* reserved1; */ + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ }; -/* Ordered list of providers to search for algorithm implementation using - * xmlSecMSCryptoFindProvider() function - * - * MUST END with { NULL, 0 } !!! - */ -static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Dss[] = { - { MS_DEF_DSS_PROV, PROV_DSS }, - { NULL, 0 } -}; - - /** * xmlSecMSCryptoKeyDataDsaGetKlass: - * + * * The DSA key data klass. * * Returns: pointer to DSA key data klass. */ -xmlSecKeyDataId +xmlSecKeyDataId xmlSecMSCryptoKeyDataDsaGetKlass(void) { return(&xmlSecMSCryptoKeyDataDsaKlass); } @@ -1731,7 +1720,9 @@ xmlSecMSCryptoKeyDataDsaInitialize(xmlSecKeyDataPtr data) { ctx = xmlSecMSCryptoKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); - ctx->providers = xmlSecMSCryptoProviderInfo_Dss; + ctx->providerName = MS_DEF_DSS_PROV; + ctx->providerType = PROV_DSS; + return(0); } @@ -1746,13 +1737,13 @@ xmlSecMSCryptoKeyDataDsaDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { static void xmlSecMSCryptoKeyDataDsaFinalize(xmlSecKeyDataPtr data) { xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataDsaId)); - + xmlSecMSCryptoKeyDataFinalize(data); } static int xmlSecMSCryptoKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, - xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecKeyDataPtr data = NULL; xmlNodePtr cur; xmlSecBn p, q, g, y; @@ -1774,73 +1765,73 @@ xmlSecMSCryptoKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlSecAssert2(keyInfoCtx != NULL, -1); if(xmlSecKeyGetValue(key) != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - NULL, - XMLSEC_ERRORS_R_INVALID_KEY_DATA, - "key already has a value"); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + NULL, + XMLSEC_ERRORS_R_INVALID_KEY_DATA, + "key already has a value"); + return(-1); } /* initialize buffers */ ret = xmlSecBnInitialize(&p, 0); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecBnInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "p"); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecBnInitialize", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "p"); + return(-1); } ret = xmlSecBnInitialize(&q, 0); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecBnInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "q"); - xmlSecBnFinalize(&p); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecBnInitialize", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "q"); + xmlSecBnFinalize(&p); + return(-1); } ret = xmlSecBnInitialize(&g, 0); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecBnInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "g"); - xmlSecBnFinalize(&p); - xmlSecBnFinalize(&q); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecBnInitialize", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "g"); + xmlSecBnFinalize(&p); + xmlSecBnFinalize(&q); + return(-1); } ret = xmlSecBnInitialize(&y, 0); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecBnInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "y"); - xmlSecBnFinalize(&p); - xmlSecBnFinalize(&q); - xmlSecBnFinalize(&g); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecBnInitialize", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "y"); + xmlSecBnFinalize(&p); + xmlSecBnFinalize(&q); + xmlSecBnFinalize(&g); + return(-1); } ret = xmlSecBufferInitialize(&blob, 0); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecBufferInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "blob"); - xmlSecBnFinalize(&p); - xmlSecBnFinalize(&q); - xmlSecBnFinalize(&g); - xmlSecBnFinalize(&y); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecBufferInitialize", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "blob"); + xmlSecBnFinalize(&p); + xmlSecBnFinalize(&q); + xmlSecBnFinalize(&g); + xmlSecBnFinalize(&y); + return(-1); } /* read xml */ @@ -1848,150 +1839,150 @@ xmlSecMSCryptoKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, /* first is P node. It is REQUIRED because we do not support Seed and PgenCounter*/ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAP, xmlSecDSigNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAP)); - goto done; + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), + XMLSEC_ERRORS_R_INVALID_NODE, + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeDSAP)); + goto done; } ret = xmlSecBnGetNodeValue(&p, cur, xmlSecBnBase64, 1); if((ret < 0) || (xmlSecBnGetSize(&p) == 0)){ - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecBnGetNodeValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAP)); - goto done; + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecBnGetNodeValue", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeDSAP)); + goto done; } cur = xmlSecGetNextElementNode(cur->next); /* next is Q node. It is REQUIRED because we do not support Seed and PgenCounter*/ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAQ, xmlSecDSigNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAQ)); - goto done; + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), + XMLSEC_ERRORS_R_INVALID_NODE, + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeDSAQ)); + goto done; } ret = xmlSecBnGetNodeValue(&q, cur, xmlSecBnBase64, 1); if((ret < 0) || (xmlSecBnGetSize(&q) == 0)){ - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecBnGetNodeValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAQ)); - goto done; + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecBnGetNodeValue", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeDSAQ)); + goto done; } cur = xmlSecGetNextElementNode(cur->next); /* next is G node. It is REQUIRED because we do not support Seed and PgenCounter*/ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAG, xmlSecDSigNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAG)); - goto done; + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), + XMLSEC_ERRORS_R_INVALID_NODE, + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeDSAG)); + goto done; } ret = xmlSecBnGetNodeValue(&g, cur, xmlSecBnBase64, 1); if((ret < 0) || (xmlSecBnGetSize(&q) == 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecBnGetNodeValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAG)); - goto done; + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecBnGetNodeValue", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeDSAG)); + goto done; } cur = xmlSecGetNextElementNode(cur->next); if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSAX, xmlSecNs))) { /* next is X node. It is REQUIRED for private key but - * MSCrypto does not support it, we just ignore it */ + * MSCrypto does not support it, we just ignore it */ - cur = xmlSecGetNextElementNode(cur->next); + cur = xmlSecGetNextElementNode(cur->next); } /* next is Y node. */ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAY, xmlSecDSigNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAY)); - goto done; + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), + XMLSEC_ERRORS_R_INVALID_NODE, + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeDSAY)); + goto done; } ret = xmlSecBnGetNodeValue(&y, cur, xmlSecBnBase64, 1); if((ret < 0) || (xmlSecBnGetSize(&y) == 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecBnGetNodeValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", xmlSecErrorsSafeString(xmlSecNodeDSAY)); - goto done; + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecBnGetNodeValue", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "node=%s", xmlSecErrorsSafeString(xmlSecNodeDSAY)); + goto done; } cur = xmlSecGetNextElementNode(cur->next); /* todo: add support for J */ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSAJ, xmlSecDSigNs))) { - cur = xmlSecGetNextElementNode(cur->next); + cur = xmlSecGetNextElementNode(cur->next); } - + /* todo: add support for seed */ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSASeed, xmlSecDSigNs))) { - cur = xmlSecGetNextElementNode(cur->next); + cur = xmlSecGetNextElementNode(cur->next); } /* todo: add support for pgencounter */ if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSAPgenCounter, xmlSecDSigNs))) { - cur = xmlSecGetNextElementNode(cur->next); + cur = xmlSecGetNextElementNode(cur->next); } if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); - goto done; + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), + XMLSEC_ERRORS_R_UNEXPECTED_NODE, + XMLSEC_ERRORS_NO_MESSAGE); + goto done; } /* we assume that sizeof(q) < 0x14, sizeof(g) <= sizeof(p) and sizeof(y) <= sizeof(p) */ blobBufferLen = sizeof(PUBLICKEYSTRUC) + sizeof(DSSPUBKEY) + 3 * xmlSecBnGetSize(&p) + 0x14 + sizeof(DSSSEED); ret = xmlSecBufferSetSize(&blob, blobBufferLen); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", blobBufferLen); - goto done; + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "xmlSecBufferSetSize", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "size=%d", blobBufferLen); + goto done; } /* Set PUBLICKEYSTRUC */ - pubKeyStruc = (PUBLICKEYSTRUC *)xmlSecBufferGetData(&blob); - pubKeyStruc->bType = PUBLICKEYBLOB; + pubKeyStruc = (PUBLICKEYSTRUC *)xmlSecBufferGetData(&blob); + pubKeyStruc->bType = PUBLICKEYBLOB; pubKeyStruc->bVersion = 0x02; pubKeyStruc->reserved = 0; pubKeyStruc->aiKeyAlg = CALG_DSS_SIGN; /* Set the public key header */ - pubKey = (DSSPUBKEY *) (xmlSecBufferGetData(&blob) + sizeof(PUBLICKEYSTRUC)); - pubKey->magic = 0x31535344; /* == DSS1 pub key */ - pubKey->bitlen = xmlSecBnGetSize(&p) * 8; /* Number of bits in prime modulus */ + pubKey = (DSSPUBKEY *) (xmlSecBufferGetData(&blob) + sizeof(PUBLICKEYSTRUC)); + pubKey->magic = 0x31535344; /* == DSS1 pub key */ + pubKey->bitlen = xmlSecBnGetSize(&p) * 8; /* Number of bits in prime modulus */ /* copy the key data */ - buf = (BYTE*) (xmlSecBufferGetData(&blob) + sizeof(PUBLICKEYSTRUC) + sizeof(DSSPUBKEY)); - + buf = (BYTE*) (xmlSecBufferGetData(&blob) + sizeof(PUBLICKEYSTRUC) + sizeof(DSSPUBKEY)); + /* set p */ xmlSecAssert2(xmlSecBnGetData(&p) != NULL, -1); memcpy(buf, xmlSecBnGetData(&p), xmlSecBnGetSize(&p)); @@ -1999,12 +1990,12 @@ xmlSecMSCryptoKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, /* set q */ if(xmlSecBnGetSize(&q) > 0x14) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "q", - XMLSEC_ERRORS_R_INVALID_SIZE, - "size=%d > 0x14", xmlSecBnGetSize(&q)); - goto done; + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "q", + XMLSEC_ERRORS_R_INVALID_SIZE, + "size=%d > 0x14", xmlSecBnGetSize(&q)); + goto done; } xmlSecAssert2(xmlSecBnGetData(&q) != NULL, -1); memcpy(buf, xmlSecBnGetData(&q), xmlSecBnGetSize(&q)); @@ -2012,45 +2003,45 @@ xmlSecMSCryptoKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, /* Pad with zeros */ for(i = xmlSecBnGetSize(&q); i < 0x14; ++i) { - *(buf++) = 0; + *(buf++) = 0; } /* set generator */ if(xmlSecBnGetSize(&g) > xmlSecBnGetSize(&p)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "g", - XMLSEC_ERRORS_R_INVALID_SIZE, - "size=%d > %d", - xmlSecBnGetSize(&g), - xmlSecBnGetSize(&p)); - goto done; + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "g", + XMLSEC_ERRORS_R_INVALID_SIZE, + "size=%d > %d", + xmlSecBnGetSize(&g), + xmlSecBnGetSize(&p)); + goto done; } xmlSecAssert2(xmlSecBnGetData(&g) != NULL, -1); memcpy(buf, xmlSecBnGetData(&g), xmlSecBnGetSize(&g)); buf += xmlSecBnGetSize(&g); /* Pad with zeros */ for(i = xmlSecBnGetSize(&g); i < xmlSecBnGetSize(&p); ++i) { - *(buf++) = 0; + *(buf++) = 0; } /* Public key */ if(xmlSecBnGetSize(&y) > xmlSecBnGetSize(&p)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "y", - XMLSEC_ERRORS_R_INVALID_SIZE, - "size=%d > %d", - xmlSecBnGetSize(&y), - xmlSecBnGetSize(&p)); - goto done; + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "y", + XMLSEC_ERRORS_R_INVALID_SIZE, + "size=%d > %d", + xmlSecBnGetSize(&y), + xmlSecBnGetSize(&p)); + goto done; } xmlSecAssert2(xmlSecBnGetData(&y) != NULL, -1); memcpy(buf, xmlSecBnGetData(&y), xmlSecBnGetSize(&y)); buf += xmlSecBnGetSize(&y); /* Pad with zeros */ for(i = xmlSecBnGetSize(&y); i < xmlSecBnGetSize(&p); ++i) { - *(buf++) = 0; + *(buf++) = 0; } /* Set seed to 0xFFFFFFFFF */ @@ -2058,56 +2049,66 @@ xmlSecMSCryptoKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, memset(seed, 0, sizeof(*seed)); seed->counter = 0xFFFFFFFF; /* SEED Counter set to 0xFFFFFFFF will cause seed to be ignored */ - hProv = xmlSecMSCryptoFindProvider(xmlSecMSCryptoProviderInfo_Dss, NULL, CRYPT_VERIFYCONTEXT, TRUE); - if(hProv == 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecMSCryptoFindProvider", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto done; + if (!CryptAcquireContext(&hProv, NULL, MS_DEF_DSS_PROV, PROV_DSS, 0)) { + if (NTE_BAD_KEYSET == GetLastError()) { + if (!CryptAcquireContext(&hProv, NULL, MS_DEF_DSS_PROV, PROV_DSS, CRYPT_NEWKEYSET)) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "CryptAcquireContext", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + goto done; + } + } else { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "CryptAcquireContext", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + goto done; + } } /* import the key blob */ if (!CryptImportKey(hProv, xmlSecBufferGetData(&blob), xmlSecBufferGetSize(&blob), 0, 0, &hKey)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "CryptImportKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto done; + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "CryptImportKey", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + goto done; } data = xmlSecKeyDataCreate(id); if(data == NULL ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto done; + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecKeyDataCreate", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + goto done; } ret = xmlSecMSCryptoKeyDataAdoptKey(data, hProv, TRUE, hKey, 0, xmlSecKeyDataTypePublic); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecMSCryptoKeyDataAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto done; + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "xmlSecMSCryptoKeyDataAdoptKey", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + goto done; } hProv = 0; hKey = 0; ret = xmlSecKeySetValue(key, data); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeySetValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto done; + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "xmlSecKeySetValue", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + goto done; } data = NULL; @@ -2116,13 +2117,13 @@ xmlSecMSCryptoKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, done: if (hKey != 0) { - CryptDestroyKey(hKey); + CryptDestroyKey(hKey); } if (hProv != 0) { - CryptReleaseContext(hProv, 0); + CryptReleaseContext(hProv, 0); } if (data != NULL) { - xmlSecKeyDataDestroy(data); + xmlSecKeyDataDestroy(data); } xmlSecBufferFinalize(&blob); @@ -2134,9 +2135,9 @@ done: return(res); } -static int +static int xmlSecMSCryptoKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, - xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecMSCryptoKeyDataCtxPtr ctx; xmlSecBuffer buf; DWORD dwBlobLen; @@ -2147,7 +2148,7 @@ xmlSecMSCryptoKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr cur; int ret; - + xmlSecAssert2(id == xmlSecMSCryptoKeyDataDsaId, -1); xmlSecAssert2(key != NULL, -1); xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecMSCryptoKeyDataDsaId), -1); @@ -2157,129 +2158,129 @@ xmlSecMSCryptoKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, ctx = xmlSecMSCryptoKeyDataGetCtx(xmlSecKeyGetValue(key)); xmlSecAssert2(ctx != NULL, -1); xmlSecAssert2(xmlSecMSCryptoKeyDataCtxGetKey(ctx) != 0, -1); - + if (!CryptExportKey(xmlSecMSCryptoKeyDataCtxGetKey(ctx), 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "CryptExportKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "CryptExportKey", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); } ret = xmlSecBufferInitialize(&buf, dwBlobLen); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecBufferInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%ld", dwBlobLen); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecBufferInitialize", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "size=%ld", dwBlobLen); + return(-1); } blob = xmlSecBufferGetData(&buf); if (!CryptExportKey(xmlSecMSCryptoKeyDataCtxGetKey(ctx), 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "CryptExportKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - xmlSecBufferFinalize(&buf); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "CryptExportKey", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + xmlSecBufferFinalize(&buf); + return(-1); } if (dwBlobLen < sizeof(PUBLICKEYSTRUC)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "blobLen=%ld", dwBlobLen); - xmlSecBufferFinalize(&buf); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + NULL, + XMLSEC_ERRORS_R_INVALID_DATA, + "blobLen=%ld", dwBlobLen); + xmlSecBufferFinalize(&buf); + return(-1); } /* check PUBLICKEYSTRUC */ - pubKeyStruc = (PUBLICKEYSTRUC*)blob; + pubKeyStruc = (PUBLICKEYSTRUC*)blob; if(pubKeyStruc->bVersion != 0x02) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptExportKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "pubKeyStruc->bVersion=%d", pubKeyStruc->bVersion); - xmlSecBufferFinalize(&buf); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "CryptExportKey", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + "pubKeyStruc->bVersion=%d", pubKeyStruc->bVersion); + xmlSecBufferFinalize(&buf); + return(-1); } if(pubKeyStruc->bType != PUBLICKEYBLOB) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptExportKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "pubKeyStruc->bType=%d", (int)pubKeyStruc->bType); - xmlSecBufferFinalize(&buf); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "CryptExportKey", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + "pubKeyStruc->bType=%d", (int)pubKeyStruc->bType); + xmlSecBufferFinalize(&buf); + return(-1); } /* check DSSPUBKEY */ - pubKey = (DSSPUBKEY*)(blob + sizeof(PUBLICKEYSTRUC)); + pubKey = (DSSPUBKEY*)(blob + sizeof(PUBLICKEYSTRUC)); if(pubKey->magic != 0x31535344) { /* DSS key magic */ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptExportKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "pubKey->magic=0x%08lx", pubKey->magic); - xmlSecBufferFinalize(&buf); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + "CryptExportKey", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + "pubKey->magic=0x%08lx", pubKey->magic); + xmlSecBufferFinalize(&buf); + return(-1); } - keyLen = pubKey->bitlen / 8; + keyLen = pubKey->bitlen / 8; /* we assume that sizeof(q) < 0x14, sizeof(g) <= sizeof(p) and sizeof(y) <= sizeof(p) */ if (dwBlobLen < sizeof(PUBLICKEYSTRUC) + sizeof(DSSPUBKEY) + 3 * keyLen + 0x14 + sizeof(DSSSEED)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "blobLen=%ld; keyLen=%d", dwBlobLen, keyLen); - xmlSecBufferFinalize(&buf); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + NULL, + XMLSEC_ERRORS_R_INVALID_DATA, + "blobLen=%ld; keyLen=%d", dwBlobLen, keyLen); + xmlSecBufferFinalize(&buf); + return(-1); } - blob += sizeof(PUBLICKEYSTRUC) + sizeof(DSSPUBKEY); + blob += sizeof(PUBLICKEYSTRUC) + sizeof(DSSPUBKEY); /* first is P node */ cur = xmlSecAddChild(node, xmlSecNodeDSAP, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAP)); - xmlSecBufferFinalize(&buf); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecAddChild", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeDSAP)); + xmlSecBufferFinalize(&buf); + return(-1); } ret = xmlSecBnBlobSetNodeValue(blob, keyLen, cur, xmlSecBnBase64, 1, 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecBnBlobSetNodeValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAP)); - xmlSecBufferFinalize(&buf); - return(-1); - } + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecBnBlobSetNodeValue", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeDSAP)); + xmlSecBufferFinalize(&buf); + return(-1); + } blob += keyLen; /* next is Q node. */ cur = xmlSecAddChild(node, xmlSecNodeDSAQ, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAQ)); - xmlSecBufferFinalize(&buf); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecAddChild", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeDSAQ)); + xmlSecBufferFinalize(&buf); + return(-1); } /* we think that the size of q is 0x14, skip trailing zeros */ @@ -2287,28 +2288,28 @@ xmlSecMSCryptoKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, ret = xmlSecBnBlobSetNodeValue(blob, len, cur, xmlSecBnBase64, 1, 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecBnBlobSetNodeValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAQ)); - xmlSecBufferFinalize(&buf); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecBnBlobSetNodeValue", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeDSAQ)); + xmlSecBufferFinalize(&buf); + return(-1); } blob += 0x14; /* next is G node. */ cur = xmlSecAddChild(node, xmlSecNodeDSAG, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAG)); - xmlSecBufferFinalize(&buf); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecAddChild", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeDSAG)); + xmlSecBufferFinalize(&buf); + return(-1); } /* skip trailing zeros */ @@ -2316,13 +2317,13 @@ xmlSecMSCryptoKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, ret = xmlSecBnBlobSetNodeValue(blob, len, cur, xmlSecBnBase64, 1, 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecBnBlobSetNodeValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAG)); - xmlSecBufferFinalize(&buf); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecBnBlobSetNodeValue", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeDSAG)); + xmlSecBufferFinalize(&buf); return(-1); } blob += keyLen; @@ -2332,14 +2333,14 @@ xmlSecMSCryptoKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, /* next is Y node. */ cur = xmlSecAddChild(node, xmlSecNodeDSAY, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAY)); - xmlSecBufferFinalize(&buf); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecAddChild", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeDSAY)); + xmlSecBufferFinalize(&buf); + return(-1); } /* skip trailing zeros */ @@ -2347,14 +2348,14 @@ xmlSecMSCryptoKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, ret = xmlSecBnBlobSetNodeValue(blob, len, cur, xmlSecBnBase64, 1, 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecBnBlobSetNodeValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAY)); - xmlSecBufferFinalize(&buf); - return(-1); + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), + "xmlSecBnBlobSetNodeValue", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeDSAY)); + xmlSecBufferFinalize(&buf); + return(-1); } blob += keyLen; @@ -2365,7 +2366,7 @@ xmlSecMSCryptoKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, static int xmlSecMSCryptoKeyDataDsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKeyDataType type ATTRIBUTE_UNUSED) { xmlSecMSCryptoKeyDataCtxPtr ctx; - HCRYPTPROV hProv = 0; + HCRYPTPROV hProv = 0; HCRYPTKEY hKey = 0; DWORD dwKeySpec; DWORD dwSize; @@ -2379,36 +2380,46 @@ xmlSecMSCryptoKeyDataDsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xml ctx = xmlSecMSCryptoKeyDataGetCtx(data); - hProv = xmlSecMSCryptoFindProvider(ctx->providers, NULL, CRYPT_VERIFYCONTEXT, TRUE); - if(hProv == 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecMSCryptoFindProvider", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); + if(!CryptAcquireContext(&hProv, XMLSEC_CONTAINER_NAME, ctx->providerName, ctx->providerType, 0)) { + if (NTE_BAD_KEYSET == GetLastError()) { + if(!CryptAcquireContext(&hProv, XMLSEC_CONTAINER_NAME, ctx->providerName, ctx->providerType, CRYPT_NEWKEYSET)) { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "CryptAcquireContext", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } + } else { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "CryptAcquireContext", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return(-1); + } } dwKeySpec = AT_SIGNATURE; dwSize = ((sizeBits << 16) | CRYPT_EXPORTABLE); if (!CryptGenKey(hProv, CALG_DSS_SIGN, dwSize, &hKey)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "CryptGenKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto done; + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "CryptGenKey", + XMLSEC_ERRORS_R_CRYPTO_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + goto done; } - ret = xmlSecMSCryptoKeyDataAdoptKey(data, hProv, TRUE, hKey, dwKeySpec, - xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate); + ret = xmlSecMSCryptoKeyDataAdoptKey(data, hProv, TRUE, hKey, dwKeySpec, + xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecMSCryptoKeyDataAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto done; + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "xmlSecMSCryptoKeyDataAdoptKey", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + goto done; } hProv = 0; hKey = 0; @@ -2418,11 +2429,11 @@ xmlSecMSCryptoKeyDataDsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xml done: if (hProv != 0) { - CryptReleaseContext(hProv, 0); + CryptReleaseContext(hProv, 0); } if (hKey != 0) { - CryptDestroyKey(hKey); + CryptDestroyKey(hKey); } return(res); @@ -2433,29 +2444,29 @@ xmlSecMSCryptoKeyDataDsaGetType(xmlSecKeyDataPtr data) { return(xmlSecMSCryptoKeyDataGetType(data)); } -static xmlSecSize +static xmlSecSize xmlSecMSCryptoKeyDataDsaGetSize(xmlSecKeyDataPtr data) { xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataDsaId), 0); return xmlSecMSCryptoKeyDataGetSize(data); } -static void +static void xmlSecMSCryptoKeyDataDsaDebugDump(xmlSecKeyDataPtr data, FILE* output) { xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataDsaId)); xmlSecAssert(output != NULL); - - fprintf(output, "=== dsa key: size = %d\n", - xmlSecMSCryptoKeyDataDsaGetSize(data)); + + fprintf(output, "=== dsa key: size = %d\n", + xmlSecMSCryptoKeyDataDsaGetSize(data)); } static void xmlSecMSCryptoKeyDataDsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataDsaId)); xmlSecAssert(output != NULL); - - fprintf(output, "<DSAKeyValue size=\"%d\" />\n", - xmlSecMSCryptoKeyDataDsaGetSize(data)); + + fprintf(output, "<DSAKeyValue size=\"%d\" />\n", + xmlSecMSCryptoKeyDataDsaGetSize(data)); } #endif /* XMLSEC_NO_DSA */ @@ -2467,28 +2478,28 @@ xmlSecMSCryptoKeyDataDsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { * GOST2001 xml key representation processing. Contain errors. * *************************************************************************/ -static int xmlSecMSCryptoKeyDataGost2001Initialize(xmlSecKeyDataPtr data); -static int xmlSecMSCryptoKeyDataGost2001Duplicate(xmlSecKeyDataPtr dst, - xmlSecKeyDataPtr src); -static void xmlSecMSCryptoKeyDataGost2001Finalize(xmlSecKeyDataPtr data); -static int xmlSecMSCryptoKeyDataGost2001XmlRead (xmlSecKeyDataId id, - xmlSecKeyPtr key, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); -static int xmlSecMSCryptoKeyDataGost2001XmlWrite(xmlSecKeyDataId id, - xmlSecKeyPtr key, - xmlNodePtr node, - xmlSecKeyInfoCtxPtr keyInfoCtx); -static int xmlSecMSCryptoKeyDataGost2001Generate(xmlSecKeyDataPtr data, - xmlSecSize sizeBits, - xmlSecKeyDataType type); +static int xmlSecMSCryptoKeyDataGost2001Initialize(xmlSecKeyDataPtr data); +static int xmlSecMSCryptoKeyDataGost2001Duplicate(xmlSecKeyDataPtr dst, + xmlSecKeyDataPtr src); +static void xmlSecMSCryptoKeyDataGost2001Finalize(xmlSecKeyDataPtr data); +static int xmlSecMSCryptoKeyDataGost2001XmlRead (xmlSecKeyDataId id, + xmlSecKeyPtr key, + xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx); +static int xmlSecMSCryptoKeyDataGost2001XmlWrite(xmlSecKeyDataId id, + xmlSecKeyPtr key, + xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx); +static int xmlSecMSCryptoKeyDataGost2001Generate(xmlSecKeyDataPtr data, + xmlSecSize sizeBits, + xmlSecKeyDataType type); static xmlSecKeyDataType xmlSecMSCryptoKeyDataGost2001GetType(xmlSecKeyDataPtr data); -static xmlSecSize xmlSecMSCryptoKeyDataGost2001GetSize(xmlSecKeyDataPtr data); -static void xmlSecMSCryptoKeyDataGost2001DebugDump(xmlSecKeyDataPtr data, - FILE* output); -static void xmlSecMSCryptoKeyDataGost2001DebugXmlDump(xmlSecKeyDataPtr data, - FILE* output); +static xmlSecSize xmlSecMSCryptoKeyDataGost2001GetSize(xmlSecKeyDataPtr data); +static void xmlSecMSCryptoKeyDataGost2001DebugDump(xmlSecKeyDataPtr data, + FILE* output); +static void xmlSecMSCryptoKeyDataGost2001DebugXmlDump(xmlSecKeyDataPtr data, + FILE* output); static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataGost2001Klass = { sizeof(xmlSecKeyDataKlass), @@ -2496,57 +2507,46 @@ static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataGost2001Klass = { /* data */ xmlSecNameGOST2001KeyValue, - xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, - /* xmlSecKeyDataUsage usage; */ - xmlSecHrefGOST2001KeyValue, /* const xmlChar* href; */ - xmlSecNodeGOST2001KeyValue, /* const xmlChar* dataNodeName; */ - xmlSecDSigNs, /* const xmlChar* dataNodeNs; */ - + xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, + /* xmlSecKeyDataUsage usage; */ + xmlSecHrefGOST2001KeyValue, /* const xmlChar* href; */ + xmlSecNodeGOST2001KeyValue, /* const xmlChar* dataNodeName; */ + xmlSecDSigNs, /* const xmlChar* dataNodeNs; */ + /* constructors/destructor */ - xmlSecMSCryptoKeyDataGost2001Initialize, /* xmlSecKeyDataInitializeMethod initialize; */ - xmlSecMSCryptoKeyDataGost2001Duplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ - xmlSecMSCryptoKeyDataGost2001Finalize, /* xmlSecKeyDataFinalizeMethod finalize; */ - NULL, /* xmlSecMSCryptoKeyDataGost2001Generate,*/ /* xmlSecKeyDataGenerateMethod generate; */ - + xmlSecMSCryptoKeyDataGost2001Initialize, /* xmlSecKeyDataInitializeMethod initialize; */ + xmlSecMSCryptoKeyDataGost2001Duplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ + xmlSecMSCryptoKeyDataGost2001Finalize, /* xmlSecKeyDataFinalizeMethod finalize; */ + NULL, /* xmlSecMSCryptoKeyDataGost2001Generate,*/ /* xmlSecKeyDataGenerateMethod generate; */ + /* get info */ - xmlSecMSCryptoKeyDataGost2001GetType, /* xmlSecKeyDataGetTypeMethod getType; */ - xmlSecMSCryptoKeyDataGost2001GetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ - NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ + xmlSecMSCryptoKeyDataGost2001GetType, /* xmlSecKeyDataGetTypeMethod getType; */ + xmlSecMSCryptoKeyDataGost2001GetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ + NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ /* read/write */ - NULL, /* xmlSecKeyDataXmlReadMethod xmlRead; */ - NULL, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ - NULL, /* xmlSecKeyDataBinReadMethod binRead; */ - NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */ + NULL, /* xmlSecKeyDataXmlReadMethod xmlRead; */ + NULL, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ + NULL, /* xmlSecKeyDataBinReadMethod binRead; */ + NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */ /* debug */ - xmlSecMSCryptoKeyDataGost2001DebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ + xmlSecMSCryptoKeyDataGost2001DebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ xmlSecMSCryptoKeyDataGost2001DebugXmlDump,/* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ /* reserved for the future */ - NULL, /* void* reserved0; */ - NULL, /* void* reserved1; */ -}; - -/* Ordered list of providers to search for algorithm implementation using - * xmlSecMSCryptoFindProvider() function - * - * MUST END with { NULL, 0 } !!! - */ -static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Gost[] = { - { MAGPRO_CSP, PROV_MAGPRO_GOST }, - { CRYPTOPRO_CSP, PROV_CRYPTOPRO_GOST }, - { NULL, 0 } + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ }; /** * xmlSecMSCryptoKeyDataGost2001GetKlass: - * + * * The GOST2001 key data klass. * * Returns: pointer to GOST2001 key data klass. */ -xmlSecKeyDataId +xmlSecKeyDataId xmlSecMSCryptoKeyDataGost2001GetKlass(void) { return(&xmlSecMSCryptoKeyDataGost2001Klass); } @@ -2555,6 +2555,7 @@ xmlSecMSCryptoKeyDataGost2001GetKlass(void) { static int xmlSecMSCryptoKeyDataGost2001Initialize(xmlSecKeyDataPtr data) { xmlSecMSCryptoKeyDataCtxPtr ctx; + HCRYPTPROV tmp_ctx = 0; xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataGost2001Id), xmlSecKeyDataTypeUnknown); @@ -2563,7 +2564,24 @@ xmlSecMSCryptoKeyDataGost2001Initialize(xmlSecKeyDataPtr data) { ctx = xmlSecMSCryptoKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); - ctx->providers = xmlSecMSCryptoProviderInfo_Gost; + /* GOST Algorithm is provided by several CSP's, so we try to find any installed */ + if (CryptAcquireContext(&tmp_ctx, NULL, NULL, PROV_MAGPRO_GOST, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) { + ctx->providerName = "MagPro CSP"; + ctx->providerType = PROV_MAGPRO_GOST; + } else { + if (CryptAcquireContext(&tmp_ctx, NULL, NULL, PROV_CRYPTOPRO_GOST, CRYPT_VERIFYCONTEXT | CRYPT_SILENT)) { + ctx->providerName = "CryptoPro CSP"; + ctx->providerType = PROV_CRYPTOPRO_GOST; + } else { + xmlSecError(XMLSEC_ERRORS_HERE, + xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), + "xmlSecMSCryptoKeyDataGost2001Initialize", + XMLSEC_ERRORS_R_XMLSEC_FAILED, + XMLSEC_ERRORS_NO_MESSAGE); + return -1; + } + } + CryptReleaseContext(tmp_ctx, 0); return(0); } @@ -2578,7 +2596,7 @@ xmlSecMSCryptoKeyDataGost2001Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr sr static void xmlSecMSCryptoKeyDataGost2001Finalize(xmlSecKeyDataPtr data) { xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataGost2001Id)); - + xmlSecMSCryptoKeyDataFinalize(data); } @@ -2587,29 +2605,29 @@ xmlSecMSCryptoKeyDataGost2001GetType(xmlSecKeyDataPtr data) { return(xmlSecMSCryptoKeyDataGetType(data)); } -static xmlSecSize +static xmlSecSize xmlSecMSCryptoKeyDataGost2001GetSize(xmlSecKeyDataPtr data) { xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataGost2001Id), 0); return xmlSecMSCryptoKeyDataGetSize(data); } -static void +static void xmlSecMSCryptoKeyDataGost2001DebugDump(xmlSecKeyDataPtr data, FILE* output) { xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataGost2001Id)); xmlSecAssert(output != NULL); - - fprintf(output, "=== dsa key: size = %d\n", - xmlSecMSCryptoKeyDataGost2001GetSize(data)); + + fprintf(output, "=== dsa key: size = %d\n", + xmlSecMSCryptoKeyDataGost2001GetSize(data)); } static void xmlSecMSCryptoKeyDataGost2001DebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataGost2001Id)); xmlSecAssert(output != NULL); - - fprintf(output, "<GOST2001KeyValue size=\"%d\" />\n", - xmlSecMSCryptoKeyDataGost2001GetSize(data)); + + fprintf(output, "<GOST2001KeyValue size=\"%d\" />\n", + xmlSecMSCryptoKeyDataGost2001GetSize(data)); } #endif /* XMLSEC_NO_GOST*/ |