diff options
Diffstat (limited to 'src/nss/pkikeys.c')
| -rw-r--r-- | src/nss/pkikeys.c | 640 |
1 files changed, 298 insertions, 342 deletions
diff --git a/src/nss/pkikeys.c b/src/nss/pkikeys.c index 5ede4ccb..1b8ea2db 100644 --- a/src/nss/pkikeys.c +++ b/src/nss/pkikeys.c @@ -1,11 +1,19 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (c) 2003 America Online, Inc. All rights reserved. */ +/** + * SECTION:pkikeys + * @Short_description: Private/public keys implementation for NSS. + * @Stability: Stable + * + */ + #include "globals.h" #include <string.h> @@ -118,11 +126,7 @@ xmlSecNSSPKIKeyDataCtxDup(xmlSecNssPKIKeyDataCtxPtr ctxDst, if (ctxSrc->privkey != NULL) { ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey); if(ctxDst->privkey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "SECKEY_CopyPrivateKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("SECKEY_CopyPrivateKey", NULL); return(-1); } } @@ -130,11 +134,7 @@ xmlSecNSSPKIKeyDataCtxDup(xmlSecNssPKIKeyDataCtxPtr ctxDst, if (ctxSrc->pubkey != NULL) { ctxDst->pubkey = SECKEY_CopyPublicKey(ctxSrc->pubkey); if(ctxDst->pubkey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "SECKEY_CopyPublicKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("SECKEY_CopyPublicKey", NULL); return(-1); } } @@ -147,30 +147,27 @@ xmlSecNssPKIKeyDataAdoptKey(xmlSecKeyDataPtr data, SECKEYPublicKey *pubkey) { xmlSecNssPKIKeyDataCtxPtr ctx; - KeyType pubType = nullKey ; - KeyType priType = nullKey ; + KeyType pubType = nullKey; + KeyType priType = nullKey; xmlSecAssert2(xmlSecKeyDataIsValid(data), -1); xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssPKIKeyDataSize), -1); - if( privkey != NULL ) { - priType = SECKEY_GetPrivateKeyType( privkey ) ; - } + if(privkey != NULL) { + priType = SECKEY_GetPrivateKeyType(privkey); + } - if( pubkey != NULL ) { - pubType = SECKEY_GetPublicKeyType( pubkey ) ; - } + if(pubkey != NULL) { + pubType = SECKEY_GetPublicKeyType(pubkey); + } - if( priType != nullKey && pubType != nullKey ) { - if( pubType != priType ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - NULL , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - "different type of private and public key" ) ; - return -1 ; - } + if(priType != nullKey && pubType != nullKey) { + if(pubType != priType) { + xmlSecInvalidIntegerTypeError2("pubType", pubType, "priType", priType, + "pubType == priType", NULL); + return -1; } + } ctx = xmlSecNssPKIKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); @@ -204,39 +201,32 @@ xmlSecNssPKIAdoptKey(SECKEYPrivateKey *privkey, { xmlSecKeyDataPtr data = NULL; int ret; - KeyType pubType = nullKey ; - KeyType priType = nullKey ; + KeyType pubType = nullKey; + KeyType priType = nullKey; - if( privkey != NULL ) { - priType = SECKEY_GetPrivateKeyType( privkey ) ; - } + if(privkey != NULL) { + priType = SECKEY_GetPrivateKeyType(privkey); + } - if( pubkey != NULL ) { - pubType = SECKEY_GetPublicKeyType( pubkey ) ; - } + if(pubkey != NULL) { + pubType = SECKEY_GetPublicKeyType(pubkey); + } - if( priType != nullKey && pubType != nullKey ) { - if( pubType != priType ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - NULL , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - "different type of private and public key" ) ; - return( NULL ) ; - } + if(priType != nullKey && pubType != nullKey) { + if(pubType != priType) { + xmlSecInvalidIntegerTypeError2("pubType", pubType, "priType", priType, + "pubType == priType", NULL); + return(NULL); } + } - pubType = priType != nullKey ? priType : pubType ; + pubType = (priType != nullKey) ? priType : pubType; switch(pubType) { #ifndef XMLSEC_NO_RSA case rsaKey: data = xmlSecKeyDataCreate(xmlSecNssKeyDataRsaId); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecNssKeyDataRsaId"); + xmlSecInternalError("xmlSecKeyDataCreate(KeyDataRsaId)", NULL); return(NULL); } break; @@ -245,32 +235,30 @@ xmlSecNssPKIAdoptKey(SECKEYPrivateKey *privkey, case dsaKey: data = xmlSecKeyDataCreate(xmlSecNssKeyDataDsaId); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecNssKeyDataDsaId"); + xmlSecInternalError("xmlSecKeyDataCreate", NULL); return(NULL); } break; #endif /* XMLSEC_NO_DSA */ +#ifndef XMLSEC_NO_ECDSA + case ecKey: + data = xmlSecKeyDataCreate(xmlSecNssKeyDataEcdsaId); + if(data == NULL) { + xmlSecInternalError("xmlSecKeyDataCreate", NULL); + return(NULL); + } + break; +#endif /* XMLSEC_NO_ECDSA */ default: - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_TYPE, - "PKI key type %d not supported", pubType); + xmlSecInvalidIntegerTypeError("pubType", pubType, + "supported PKI key type", NULL); return(NULL); } xmlSecAssert2(data != NULL, NULL); ret = xmlSecNssPKIKeyDataAdoptKey(data, privkey, pubkey); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssPKIKeyDataAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssPKIKeyDataAdoptKey", NULL); xmlSecKeyDataDestroy(data); return(NULL); } @@ -380,11 +368,8 @@ xmlSecNssPKIKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { xmlSecAssert2(ctxSrc != NULL, -1); if (xmlSecNSSPKIKeyDataCtxDup(ctxDst, ctxSrc) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "xmlSecNssPKIKeydataCtxDup", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssPKIKeydataCtxDup", + xmlSecKeyDataGetName(dst)); return(-1); } @@ -579,45 +564,31 @@ xmlSecNssKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlSecAssert2(keyInfoCtx != NULL, -1); if(xmlSecKeyGetValue(key) != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - NULL, - XMLSEC_ERRORS_R_INVALID_KEY_DATA, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOtherError(XMLSEC_ERRORS_R_INVALID_KEY_DATA, + xmlSecKeyDataKlassGetName(id), + "key already has a value"); ret = -1; goto done; } slot = PK11_GetBestSlot(CKM_DSA, NULL); if(slot == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "PK11_GetBestSlot", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_GetBestSlot", xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if(arena == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "PORT_NewArena", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("PORT_NewArena", xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } - pubkey = (SECKEYPublicKey *)PORT_ArenaZAlloc(arena, - sizeof(SECKEYPublicKey)); - if(pubkey == NULL ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "PORT_ArenaZAlloc", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + pubkey = (SECKEYPublicKey *)PORT_ArenaZAlloc(arena, sizeof(SECKEYPublicKey)); + if(pubkey == NULL) { + xmlSecNssError2("PORT_ArenaZAlloc", xmlSecKeyDataKlassGetName(id), + "size=%lu", (unsigned long)sizeof(SECKEYPublicKey)); PORT_FreeArena(arena, PR_FALSE); ret = -1; goto done; @@ -630,22 +601,13 @@ xmlSecNssKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, /* first is P node. It is REQUIRED because we do not support Seed and PgenCounter*/ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAP, xmlSecDSigNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAP)); + xmlSecInvalidNodeError(cur, xmlSecNodeDSAP, xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } if(xmlSecNssNodeGetBigNumValue(arena, cur, &(pubkey->u.dsa.params.prime)) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssNodeGetBigNumValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAP)); + xmlSecInternalError("xmlSecNssNodeGetBigNumValue(NodeDSAP)", + xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } @@ -653,22 +615,13 @@ xmlSecNssKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, /* next is Q node. It is REQUIRED because we do not support Seed and PgenCounter*/ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAQ, xmlSecDSigNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAQ)); + xmlSecInvalidNodeError(cur, xmlSecNodeDSAQ, xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } if(xmlSecNssNodeGetBigNumValue(arena, cur, &(pubkey->u.dsa.params.subPrime)) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssNodeGetBigNumValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAQ)); + xmlSecInternalError("xmlSecNssNodeGetBigNumValue(NodeDSAQ)", + xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } @@ -676,22 +629,13 @@ xmlSecNssKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, /* next is G node. It is REQUIRED because we do not support Seed and PgenCounter*/ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAG, xmlSecDSigNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAG)); + xmlSecInvalidNodeError(cur, xmlSecNodeDSAG, xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } if(xmlSecNssNodeGetBigNumValue(arena, cur, &(pubkey->u.dsa.params.base)) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssNodeGetBigNumValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAG)); + xmlSecInternalError("xmlSecNssNodeGetBigNumValue(NodeDSAG)", + xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } @@ -706,21 +650,13 @@ xmlSecNssKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, /* next is Y node. */ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAY, xmlSecDSigNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAY)); + xmlSecInvalidNodeError(cur, xmlSecNodeDSAY, xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } if(xmlSecNssNodeGetBigNumValue(arena, cur, &(pubkey->u.dsa.publicValue)) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssNodeGetBigNumValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", xmlSecErrorsSafeString(xmlSecNodeDSAY)); + xmlSecInternalError("xmlSecNssNodeGetBigNumValue(NodeDSAY)", + xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } @@ -742,55 +678,39 @@ xmlSecNssKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, } if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecUnexpectedNodeError(cur, xmlSecKeyDataKlassGetName(id)) ret = -1; goto done; } handle = PK11_ImportPublicKey(slot, pubkey, PR_FALSE); if(handle == CK_INVALID_HANDLE) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "PK11_ImportPublicKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_ImportPublicKey", + xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } data = xmlSecKeyDataCreate(id); - if(data == NULL ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + if(data == NULL) { + xmlSecInternalError("xmlSecKeyDataCreate", + xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } ret = xmlSecNssPKIKeyDataAdoptKey(data, NULL, pubkey); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecNssPKIKeyDataAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssPKIKeyDataAdoptKey", + xmlSecKeyDataGetName(data)); goto done; } pubkey = NULL; ret = xmlSecKeySetValue(key, data); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeySetValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeySetValue", + xmlSecKeyDataGetName(data)); goto done; } data = NULL; @@ -837,66 +757,42 @@ xmlSecNssKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, /* first is P node */ cur = xmlSecAddChild(node, xmlSecNodeDSAP, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAP)); + xmlSecInternalError("xmlSecAddChild(NodeDSAP)", + xmlSecKeyDataKlassGetName(id)); return(-1); } ret = xmlSecNssNodeSetBigNumValue(cur, &(ctx->pubkey->u.dsa.params.prime), 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssNodeSetBigNumValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAP)); + xmlSecInternalError("xmlSecNssNodeSetBigNumValue(NodeDSAP)", + xmlSecKeyDataKlassGetName(id)); return(-1); } /* next is Q node. */ cur = xmlSecAddChild(node, xmlSecNodeDSAQ, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAQ)); + xmlSecInternalError("xmlSecAddChild(NodeDSAQ)", + xmlSecKeyDataKlassGetName(id)); return(-1); } ret = xmlSecNssNodeSetBigNumValue(cur, &(ctx->pubkey->u.dsa.params.subPrime), 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssNodeSetBigNumValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAQ)); + xmlSecInternalError("xmlSecNssNodeSetBigNumValue(NodeDSAQ)", + xmlSecKeyDataKlassGetName(id)); return(-1); } /* next is G node. */ cur = xmlSecAddChild(node, xmlSecNodeDSAG, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAG)); + xmlSecInternalError("xmlSecAddChild(NodeDSAG)", + xmlSecKeyDataKlassGetName(id)); return(-1); } ret = xmlSecNssNodeSetBigNumValue(cur, &(ctx->pubkey->u.dsa.params.base), 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssNodeSetBigNumValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAG)); + xmlSecInternalError("xmlSecNssNodeSetBigNumValue(NodeDSAG)", + xmlSecKeyDataKlassGetName(id)); return(-1); } @@ -905,25 +801,18 @@ xmlSecNssKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, /* next is Y node. */ cur = xmlSecAddChild(node, xmlSecNodeDSAY, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAY)); + xmlSecInternalError("xmlSecAddChild(NodeDSAY)", + xmlSecKeyDataKlassGetName(id)); return(-1); } ret = xmlSecNssNodeSetBigNumValue(cur, &(ctx->pubkey->u.dsa.publicValue), 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssNodeSetBigNumValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAY)); + xmlSecInternalError("xmlSecNssNodeSetBigNumValue(NodeDSAY)", + xmlSecKeyDataKlassGetName(id)); return(-1); } + /* done */ return(0); } @@ -945,46 +834,43 @@ xmlSecNssKeyDataDsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKe j = PQG_PBITS_TO_INDEX(sizeBits); rv = PK11_PQG_ParamGen(j, &pqgParams, &pqgVerify); if (rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "PK11_PQG_ParamGen", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "size=%d", sizeBits); + xmlSecNssError2("PK11_PQG_ParamGen", xmlSecKeyDataGetName(data), + "size=%lu", (unsigned long)sizeBits); goto done; } rv = PK11_PQG_VerifyParams(pqgParams, pqgVerify, &res); if (rv != SECSuccess || res != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "PK11_PQG_VerifyParams", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "size=%d", sizeBits); + xmlSecNssError2("PK11_PQG_VerifyParams", xmlSecKeyDataGetName(data), + "size=%lu", (unsigned long)sizeBits); goto done; } slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL); - PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */); + if(slot == NULL) { + xmlSecNssError("PK11_GetBestSlot", xmlSecKeyDataGetName(data)); + goto done; + } + + rv = PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */); + if (rv != SECSuccess) { + xmlSecNssError2("PK11_Authenticate", xmlSecKeyDataGetName(data), + "token=%s", xmlSecErrorsSafeString(PK11_GetTokenName(slot))); + goto done; + } + privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams, &pubkey, PR_FALSE, PR_TRUE, NULL); if((privkey == NULL) || (pubkey == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "PK11_GenerateKeyPair", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - + xmlSecNssError("PK11_GenerateKeyPair", xmlSecKeyDataGetName(data)); goto done; } ret = xmlSecNssPKIKeyDataAdoptKey(data, privkey, pubkey); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecNssPKIKeyDataAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssPKIKeyDataAdoptKey", + xmlSecKeyDataGetName(data)); goto done; } @@ -1216,45 +1102,31 @@ xmlSecNssKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlSecAssert2(keyInfoCtx != NULL, -1); if(xmlSecKeyGetValue(key) != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - NULL, - XMLSEC_ERRORS_R_INVALID_KEY_DATA, - "key already has a value"); + xmlSecOtherError(XMLSEC_ERRORS_R_INVALID_KEY_DATA, + xmlSecKeyDataKlassGetName(id), + "key already has a value"); ret = -1; goto done; } slot = PK11_GetBestSlot(CKM_RSA_PKCS, NULL); if(slot == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "PK11_GetBestSlot", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_GetBestSlot", xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if(arena == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "PORT_NewArena", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("PORT_NewArena", xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } pubkey = (SECKEYPublicKey *)PORT_ArenaZAlloc(arena, sizeof(SECKEYPublicKey)); - if(pubkey == NULL ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "PORT_ArenaZAlloc", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + if(pubkey == NULL) { + xmlSecNssError("PORT_ArenaZAlloc", xmlSecKeyDataKlassGetName(id)); PORT_FreeArena(arena, PR_FALSE); ret = -1; goto done; @@ -1266,22 +1138,13 @@ xmlSecNssKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, /* first is Modulus node. It is REQUIRED because we do not support Seed and PgenCounter*/ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeRSAModulus, xmlSecDSigNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAModulus)); + xmlSecInvalidNodeError(cur, xmlSecNodeRSAModulus, xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } if(xmlSecNssNodeGetBigNumValue(arena, cur, &(pubkey->u.rsa.modulus)) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssNodeGetBigNumValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAModulus)); + xmlSecInternalError("xmlSecNssNodeGetBigNumValue(NodeRSAModulus)", + xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } @@ -1289,22 +1152,13 @@ xmlSecNssKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, /* next is Exponent node. It is REQUIRED because we do not support Seed and PgenCounter*/ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeRSAExponent, xmlSecDSigNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAExponent)); + xmlSecInvalidNodeError(cur, xmlSecNodeRSAExponent, xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } if(xmlSecNssNodeGetBigNumValue(arena, cur, &(pubkey->u.rsa.publicExponent)) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssNodeGetBigNumValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAExponent)); + xmlSecInternalError("xmlSecNssNodeGetBigNumValue(NodeRSAExponent)", + xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } @@ -1317,33 +1171,23 @@ xmlSecNssKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, } if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "no nodes expected"); + xmlSecUnexpectedNodeError(cur, xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } data = xmlSecKeyDataCreate(id); - if(data == NULL ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + if(data == NULL) { + xmlSecInternalError("xmlSecKeyDataCreate", + xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } ret = xmlSecNssPKIKeyDataAdoptKey(data, NULL, pubkey); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssPKIKeyDataAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssPKIKeyDataAdoptKey", + xmlSecKeyDataKlassGetName(id)); xmlSecKeyDataDestroy(data); goto done; } @@ -1351,11 +1195,8 @@ xmlSecNssKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, ret = xmlSecKeySetValue(key, data); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeySetValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeySetValue", + xmlSecKeyDataKlassGetName(id)); xmlSecKeyDataDestroy(data); goto done; } @@ -1404,44 +1245,28 @@ xmlSecNssKeyDataRsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, /* first is Modulus node */ cur = xmlSecAddChild(node, xmlSecNodeRSAModulus, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAModulus)); + xmlSecInternalError("xmlSecAddChild(NodeRSAModulus)", + xmlSecKeyDataKlassGetName(id)); return(-1); } ret = xmlSecNssNodeSetBigNumValue(cur, &(ctx->pubkey->u.rsa.modulus), 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssNodeSetBigNumValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAModulus)); + xmlSecInternalError("xmlSecNssNodeSetBigNumValue(NodeRSAModulus)", + xmlSecKeyDataKlassGetName(id)); return(-1); } /* next is Exponent node. */ cur = xmlSecAddChild(node, xmlSecNodeRSAExponent, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAExponent)); + xmlSecInternalError("xmlSecAddChild(NodeRSAExponent)", + xmlSecKeyDataKlassGetName(id)); return(-1); } ret = xmlSecNssNodeSetBigNumValue(cur, &(ctx->pubkey->u.rsa.publicExponent), 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssNodeSetBigNumValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAExponent)); + xmlSecInternalError("xmlSecNssNodeSetBigNumValue(NodeRSAExponent)", + xmlSecKeyDataKlassGetName(id)); return(-1); } @@ -1456,7 +1281,8 @@ xmlSecNssKeyDataRsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKe PK11SlotInfo *slot = NULL; SECKEYPrivateKey *privkey = NULL; SECKEYPublicKey *pubkey = NULL; - int ret = -1; + SECStatus rv; + int ret = -1; xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataRsaId), -1); xmlSecAssert2(sizeBits > 0, -1); @@ -1465,27 +1291,29 @@ xmlSecNssKeyDataRsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKe params.pe = 65537; slot = PK11_GetBestSlot(CKM_RSA_PKCS_KEY_PAIR_GEN, NULL); - PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */); + if(slot == NULL) { + xmlSecNssError("PK11_GetBestSlot", xmlSecKeyDataGetName(data)); + goto done; + } + + rv = PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */); + if (rv != SECSuccess) { + xmlSecNssError2("PK11_Authenticate", xmlSecKeyDataGetName(data), + "token=%s", xmlSecErrorsSafeString(PK11_GetTokenName(slot))); + goto done; + } + privkey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, ¶ms, &pubkey, PR_FALSE, PR_TRUE, NULL); - if(privkey == NULL || pubkey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "PK11_GenerateKeyPair", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); - + xmlSecNssError("PK11_GenerateKeyPair", xmlSecKeyDataGetName(data)); goto done; } ret = xmlSecNssPKIKeyDataAdoptKey(data, privkey, pubkey); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecNssPKIKeyDataAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssPKIKeyDataAdoptKey", + xmlSecKeyDataGetName(data)); goto done; } @@ -1559,5 +1387,133 @@ xmlSecNssKeyDataRsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { #endif /* XMLSEC_NO_RSA */ +#ifndef XMLSEC_NO_ECDSA +static int xmlSecNssKeyDataEcdsaInitialize(xmlSecKeyDataPtr data); +static int xmlSecNssKeyDataEcdsaDuplicate(xmlSecKeyDataPtr dst, + xmlSecKeyDataPtr src); +static void xmlSecNssKeyDataEcdsaFinalize(xmlSecKeyDataPtr data); + +static xmlSecKeyDataType xmlSecNssKeyDataEcdsaGetType(xmlSecKeyDataPtr data); +static xmlSecSize xmlSecNssKeyDataEcdsaGetSize(xmlSecKeyDataPtr data); +static void xmlSecNssKeyDataEcdsaDebugDump(xmlSecKeyDataPtr data, + FILE* output); +static void xmlSecNssKeyDataEcdsaDebugXmlDump(xmlSecKeyDataPtr data, + FILE* output); + +static xmlSecKeyDataKlass xmlSecNssKeyDataEcdsaKlass = { + sizeof(xmlSecKeyDataKlass), + xmlSecNssPKIKeyDataSize, + + /* data */ + xmlSecNameECDSAKeyValue, + xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, + /* xmlSecKeyDataUsage usage; */ + xmlSecHrefECDSAKeyValue, /* const xmlChar* href; */ + xmlSecNodeECDSAKeyValue, /* const xmlChar* dataNodeName; */ + xmlSecDSigNs, /* const xmlChar* dataNodeNs; */ + + /* constructors/destructor */ + xmlSecNssKeyDataEcdsaInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ + xmlSecNssKeyDataEcdsaDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ + xmlSecNssKeyDataEcdsaFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ + NULL, /* xmlSecKeyDataGenerateMethod generate; */ + /* get info */ + xmlSecNssKeyDataEcdsaGetType, /* xmlSecKeyDataGetTypeMethod getType; */ + xmlSecNssKeyDataEcdsaGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ + NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ + /* read/write */ + NULL, /* xmlSecKeyDataXmlReadMethod xmlRead; */ + NULL, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ + NULL, /* xmlSecKeyDataBinReadMethod binRead; */ + NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */ + + /* debug */ + xmlSecNssKeyDataEcdsaDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ + xmlSecNssKeyDataEcdsaDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ + + /* reserved for the future */ + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecNssKeyDataEcdsaGetKlass: + * + * The ECDSA key data klass. + * + * Returns: pointer to ECDSA key data klass. + */ +xmlSecKeyDataId +xmlSecNssKeyDataEcdsaGetKlass(void) { + return(&xmlSecNssKeyDataEcdsaKlass); +} + +static int +xmlSecNssKeyDataEcdsaInitialize(xmlSecKeyDataPtr data) { + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataEcdsaId), -1); + + return(xmlSecNssPKIKeyDataInitialize(data)); +} + +static int +xmlSecNssKeyDataEcdsaDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { + xmlSecAssert2(xmlSecKeyDataCheckId(dst, xmlSecNssKeyDataEcdsaId), -1); + xmlSecAssert2(xmlSecKeyDataCheckId(src, xmlSecNssKeyDataEcdsaId), -1); + + return(xmlSecNssPKIKeyDataDuplicate(dst, src)); +} + +static void +xmlSecNssKeyDataEcdsaFinalize(xmlSecKeyDataPtr data) { + xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataEcdsaId)); + + xmlSecNssPKIKeyDataFinalize(data); +} + +static xmlSecKeyDataType +xmlSecNssKeyDataEcdsaGetType(xmlSecKeyDataPtr data) { + xmlSecNssPKIKeyDataCtxPtr ctx; + + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataEcdsaId), xmlSecKeyDataTypeUnknown); + ctx = xmlSecNssPKIKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->pubkey == NULL || SECKEY_GetPublicKeyType(ctx->pubkey) == ecKey, -1); + if (ctx->privkey != NULL) { + return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic); + } else { + return(xmlSecKeyDataTypePublic); + } +} + +static xmlSecSize +xmlSecNssKeyDataEcdsaGetSize(xmlSecKeyDataPtr data) { + xmlSecNssPKIKeyDataCtxPtr ctx; + + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataEcdsaId), 0); + ctx = xmlSecNssPKIKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == ecKey, -1); + + return(SECKEY_SignatureLen(ctx->pubkey)); +} + +static void +xmlSecNssKeyDataEcdsaDebugDump(xmlSecKeyDataPtr data, FILE* output) { + xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataEcdsaId)); + xmlSecAssert(output != NULL); + + fprintf(output, "=== ecdsa key: size = %d\n", + xmlSecNssKeyDataEcdsaGetSize(data)); +} + +static void +xmlSecNssKeyDataEcdsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { + xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataEcdsaId)); + xmlSecAssert(output != NULL); + + fprintf(output, "<ECDSAKeyValue size=\"%d\" />\n", + xmlSecNssKeyDataEcdsaGetSize(data)); +} +#endif /* XMLSEC_NO_ECDSA */ |