Diffstat (limited to 'src/nss/signatures.c')
-rw-r--r-- | src/nss/signatures.c | 635 |
1 files changed, 528 insertions, 107 deletions
diff --git a/src/nss/signatures.c b/src/nss/signatures.c index 4f54170e..35ac4598 100644 --- a/src/nss/signatures.c +++ b/src/nss/signatures.c @@ -1,11 +1,19 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (c) 2003 America Online, Inc. All rights reserved. */ +/** + * SECTION:signatures + * @Short_description: Signatures implementation for NSS. + * @Stability: Private + * + */ + #include "globals.h" #include <string.h> @@ -78,11 +86,46 @@ static int xmlSecNssSignatureExecute (xmlSecTransformPtr tran static int xmlSecNssSignatureCheckId(xmlSecTransformPtr transform) { #ifndef XMLSEC_NO_DSA +#ifndef XMLSEC_NO_SHA1 if(xmlSecTransformCheckId(transform, xmlSecNssTransformDsaSha1Id)) { return(1); } +#endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA256 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformDsaSha256Id)) { + return(1); + } +#endif /* XMLSEC_NO_SHA256 */ #endif /* XMLSEC_NO_DSA */ +#ifndef XMLSEC_NO_ECDSA +#ifndef XMLSEC_NO_SHA1 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformEcdsaSha1Id)) { + return(1); + } +#endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA224 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformEcdsaSha224Id)) { + return(1); + } +#endif /* XMLSEC_NO_SHA224 */ +#ifndef XMLSEC_NO_SHA256 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformEcdsaSha256Id)) { + return(1); + } +#endif /* XMLSEC_NO_SHA256 */ +#ifndef XMLSEC_NO_SHA384 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformEcdsaSha384Id)) { + return(1); + } +#endif /* XMLSEC_NO_SHA384 */ +#ifndef XMLSEC_NO_SHA512 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformEcdsaSha512Id)) { + return(1); + } +#endif /* XMLSEC_NO_SHA512 */ +#endif /* XMLSEC_NO_ECDSA */ + #ifndef XMLSEC_NO_RSA #ifndef XMLSEC_NO_MD5 
@@ -97,6 +140,12 @@ xmlSecNssSignatureCheckId(xmlSecTransformPtr transform) { } #endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA224 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformRsaSha224Id)) { + return(1); + } +#endif /* XMLSEC_NO_SHA224 */ + #ifndef XMLSEC_NO_SHA256 if(xmlSecTransformCheckId(transform, xmlSecNssTransformRsaSha256Id)) { return(1); 
@@ -132,13 +181,60 @@ xmlSecNssSignatureInitialize(xmlSecTransformPtr transform) { memset(ctx, 0, sizeof(xmlSecNssSignatureCtx)); #ifndef XMLSEC_NO_DSA +#ifndef XMLSEC_NO_SHA1 if(xmlSecTransformCheckId(transform, xmlSecNssTransformDsaSha1Id)) { ctx->keyId = xmlSecNssKeyDataDsaId; /* This creates a signature which is ASN1 encoded */ ctx->alg = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST; } else +#endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA256 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformDsaSha256Id)) { + ctx->keyId = xmlSecNssKeyDataDsaId; + /* This creates a signature which is ASN1 encoded */ + ctx->alg = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST; + } else +#endif /* XMLSEC_NO_SHA256 */ #endif /* XMLSEC_NO_DSA */ +#ifndef XMLSEC_NO_ECDSA +#ifndef XMLSEC_NO_SHA1 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformEcdsaSha1Id)) { + ctx->keyId = xmlSecNssKeyDataEcdsaId; + /* This creates a signature which is ASN1 encoded */ + ctx->alg = SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE; + } else +#endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA224 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformEcdsaSha224Id)) { + ctx->keyId = xmlSecNssKeyDataEcdsaId; + /* This creates a signature which is ASN1 encoded */ + ctx->alg = SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE; + } else +#endif /* XMLSEC_NO_SHA24 */ +#ifndef XMLSEC_NO_SHA256 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformEcdsaSha256Id)) { + ctx->keyId = xmlSecNssKeyDataEcdsaId; + /* This creates a signature which is ASN1 encoded */ + ctx->alg = SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE; + } else +#endif /* XMLSEC_NO_SHA256 */ +#ifndef XMLSEC_NO_SHA384 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformEcdsaSha384Id)) { + ctx->keyId = xmlSecNssKeyDataEcdsaId; + /* This creates a signature which is ASN1 encoded */ + ctx->alg = SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE; + } else +#endif /* XMLSEC_NO_SHA384 */ +#ifndef XMLSEC_NO_SHA512 + if(xmlSecTransformCheckId(transform, 
xmlSecNssTransformEcdsaSha512Id)) { + ctx->keyId = xmlSecNssKeyDataEcdsaId; + /* This creates a signature which is ASN1 encoded */ + ctx->alg = SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE; + } else +#endif /* XMLSEC_NO_SHA512 */ +#endif /* XMLSEC_NO_ECDSA */ + #ifndef XMLSEC_NO_RSA #ifndef XMLSEC_NO_MD5 @@ -156,6 +252,13 @@ xmlSecNssSignatureInitialize(xmlSecTransformPtr transform) { } else #endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA224 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformRsaSha224Id)) { + ctx->keyId = xmlSecNssKeyDataRsaId; + ctx->alg = SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION; + } else +#endif /* XMLSEC_NO_SHA224 */ + #ifndef XMLSEC_NO_SHA256 if(xmlSecTransformCheckId(transform, xmlSecNssTransformRsaSha256Id)) { ctx->keyId = xmlSecNssKeyDataRsaId; @@ -180,11 +283,7 @@ xmlSecNssSignatureInitialize(xmlSecTransformPtr transform) { #endif /* XMLSEC_NO_RSA */ if(1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidTransfromError(transform) return(-1); } 
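Review bot: The closing guard comment of the ECDSA-SHA224 branch in xmlSecNssSignatureInitialize reads `#endif /* XMLSEC_NO_SHA24 */`; it should be `#endif /* XMLSEC_NO_SHA224 */` to match the `#ifndef` it closes. As a point of style, the list of transform ids here has to stay identical to the one in xmlSecNssSignatureCheckId, and both are maintained by hand under nested `#ifndef` guards. An id present in one chain but not the other would, as far as these hunks show, only surface at run time through the trailing `if(1)` error path. A short comment on both functions naming the other one would help. The function body starts and ends outside this hunk.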
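Review bot: The new call `xmlSecInvalidTransfromError(transform)` has no terminating semicolon and is followed directly by `return(-1);`. That only compiles if the macro expands to a complete brace block, and its definition is not on this page. The sibling call `xmlSecInvalidTransfromStatusError(transform);` added later in this commit is terminated. Write `xmlSecInvalidTransfromError(transform);` so the error path of xmlSecNssSignatureInitialize does not depend on how the macro is defined. The enclosing function continues outside the hunk.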
@@ -236,48 +335,38 @@ xmlSecNssSignatureSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { xmlSecAssert2(value != NULL, -1); if (transform->operation == xmlSecTransformOperationSign) { - if (ctx->u.sig.privkey) + if (ctx->u.sig.privkey) { SECKEY_DestroyPrivateKey(ctx->u.sig.privkey); + } ctx->u.sig.privkey = xmlSecNssPKIKeyDataGetPrivKey(value); if(ctx->u.sig.privkey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecNssPKIKeyDataGetPrivKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssPKIKeyDataGetPrivKey", + xmlSecTransformGetName(transform)); return(-1); } ctx->u.sig.sigctx = SGN_NewContext(ctx->alg, ctx->u.sig.privkey); if (ctx->u.sig.sigctx == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "SGN_NewContext", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("SGN_NewContext", + xmlSecTransformGetName(transform)); return(-1); } } else { - if (ctx->u.vfy.pubkey) + if (ctx->u.vfy.pubkey) { SECKEY_DestroyPublicKey(ctx->u.vfy.pubkey); + } ctx->u.vfy.pubkey = xmlSecNssPKIKeyDataGetPubKey(value); if(ctx->u.vfy.pubkey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecNssPKIKeyDataGetPubKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssPKIKeyDataGetPubKey", + xmlSecTransformGetName(transform)); return(-1); } ctx->u.vfy.vfyctx = VFY_CreateContext(ctx->u.vfy.pubkey, NULL, ctx->alg, NULL); if (ctx->u.vfy.vfyctx == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "VFY_CreateContext", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("VFY_CreateContext", + xmlSecTransformGetName(transform)); return(-1); } } 
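Review bot: When a key is set on a transform that already has one, the sign branch destroys `ctx->u.sig.privkey` but neither destroys nor clears `ctx->u.sig.sigctx` before `SGN_NewContext` overwrites it. The verify branch does the same with `pubkey` and `vfyctx`. If `xmlSecNssPKIKeyDataGetPrivKey` (or the public-key lookup) then fails, the function returns -1 with the old context still stored, and as far as this hunk shows that context was created from the key just destroyed. Releasing the context together with the key would close both the leak and the stale reference, e.g. `if(ctx->u.sig.sigctx) { SGN_DestroyContext(ctx->u.sig.sigctx, PR_TRUE); ctx->u.sig.sigctx = NULL; }` and the `VFY_DestroyContext` equivalent. This only matters if SetKey can run more than once per transform; the function starts outside the hunk, so an earlier guard may already exclude that.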
@@ -309,6 +398,26 @@ xmlSecNssSignatureSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyRe return(0); } +/** + * xmlSecNssSignatureAlgorithmEncoded: + * + * Determines if the given algorithm requires a signature which is ASN1 encoded. + */ +static int +xmlSecNssSignatureAlgorithmEncoded(SECOidTag alg) { + switch(alg) { + case SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST: + case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST: + case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE: + return(1); + default: + return(0); + } +} static int xmlSecNssSignatureVerify(xmlSecTransformPtr transform, @@ -331,19 +440,16 @@ xmlSecNssSignatureVerify(xmlSecTransformPtr transform, signature.data = (unsigned char *)data; signature.len = dataSize; - if(ctx->alg == SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST) { + if(xmlSecNssSignatureAlgorithmEncoded(ctx->alg)) { /* This creates a signature which is ASN1 encoded */ SECItem signatureDer; SECStatus statusDer; - statusDer = DSAU_EncodeDerSig(&signatureDer, &signature); + memset(&signatureDer, 0, sizeof(signatureDer)); + statusDer = DSAU_EncodeDerSigWithLen(&signatureDer, &signature, signature.len); if(statusDer != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "DSAU_EncodeDerSig", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", - PORT_GetError()); + xmlSecNssError("DSAU_EncodeDerSigWithLen", + xmlSecTransformGetName(transform)); return(-1); } status = VFY_EndWithSignature(ctx->u.vfy.vfyctx, &signatureDer); 
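Review bot: The doc comment on xmlSecNssSignatureAlgorithmEncoded documents neither its parameter nor its return value, and "requires a signature which is ASN1 encoded" does not say who does the encoding. The callers in this commit convert the raw XML value to DER before `VFY_EndWithSignature` and decode the DER output of `SGN_End` back to raw, so I would add `@alg: the NSS signature algorithm tag.` and `Returns: 1 if NSS produces and expects a DER-encoded signature for @alg, so the raw XML value must be converted; 0 otherwise.` It is also worth a one-line comment on `default: return(0);` that any DSA or ECDSA tag missing from this list is treated as a raw signature, since a tag added to xmlSecNssSignatureInitialize but not here would be handled with the wrong encoding.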
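Review bot: The expected length passed to `DSAU_EncodeDerSigWithLen` is `signature.len` itself, so whatever length validation that call performs compares the document-supplied size with itself. The signature bytes come from the document being verified, so I would check `dataSize` against the length implied by the key before encoding, for example `if(dataSize != SECKEY_SignatureLen(ctx->u.vfy.pubkey)) { ... return(-1); }`, provided interoperability does not require accepting other raw lengths. A wrong-length value should still be rejected by `VFY_EndWithSignature`, so this is defence in depth rather than a bypass. Whether `signatureDer` is released after the verify call cannot be seen here, because the rest of xmlSecNssSignatureVerify lies outside the hunk.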
@@ -353,20 +459,14 @@ xmlSecNssSignatureVerify(xmlSecTransformPtr transform, } if (status != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "VFY_EndWithSignature", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", - PORT_GetError()); - if (PORT_GetError() == SEC_ERROR_PKCS7_BAD_SIGNATURE) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "VFY_EndWithSignature", - XMLSEC_ERRORS_R_DATA_NOT_MATCH, - "signature does not verify"); + xmlSecOtherError(XMLSEC_ERRORS_R_DATA_NOT_MATCH, + xmlSecTransformGetName(transform), + "VFY_EndWithSignature: signature does not verify"); transform->status = xmlSecTransformStatusFail; + } else { + xmlSecNssError("VFY_EndWithSignature", + xmlSecTransformGetName(transform)); } return(-1); } @@ -413,21 +513,15 @@ xmlSecNssSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor if(transform->operation == xmlSecTransformOperationSign) { status = SGN_Begin(ctx->u.sig.sigctx); if(status != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "SGN_Begin", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("SGN_Begin", + xmlSecTransformGetName(transform)); return(-1); } } else { status = VFY_Begin(ctx->u.vfy.vfyctx); if(status != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "VFY_Begin", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("VFY_Begin", + xmlSecTransformGetName(transform)); return(-1); } } 
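Review bot: The bad-signature branch in xmlSecNssSignatureVerify tests only `SEC_ERROR_PKCS7_BAD_SIGNATURE`, while NSS signature verification normally reports a mismatch as `SEC_ERROR_BAD_SIGNATURE` (to be confirmed against the NSS version in use). If so, an ordinary invalid signature takes the `else` branch, is logged as a generic NSS failure and leaves `transform->status` without `xmlSecTransformStatusFail`. The function returns -1 on both branches, so verification still fails closed; the cost is that callers and logs cannot distinguish a forged or corrupted signature from a library error. Consider reading the code once and accepting both values: `int err = PORT_GetError();` then `if(err == SEC_ERROR_BAD_SIGNATURE || err == SEC_ERROR_PKCS7_BAD_SIGNATURE) {`.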
@@ -440,32 +534,23 @@ xmlSecNssSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor if(transform->operation == xmlSecTransformOperationSign) { status = SGN_Update(ctx->u.sig.sigctx, xmlSecBufferGetData(in), inSize); if(status != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "SGN_Update", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("SGN_Update", + xmlSecTransformGetName(transform)); return(-1); } } else { status = VFY_Update(ctx->u.vfy.vfyctx, xmlSecBufferGetData(in), inSize); if(status != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "VFY_Update", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("VFY_Update", + xmlSecTransformGetName(transform)); return(-1); } } ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferRemoveHead", + xmlSecTransformGetName(transform)); return(-1); } } 
@@ -476,38 +561,48 @@ xmlSecNssSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor memset(&signature, 0, sizeof(signature)); status = SGN_End(ctx->u.sig.sigctx, &signature); if(status != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "SGN_End", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("SGN_End", + xmlSecTransformGetName(transform)); return(-1); } - if(ctx->alg == SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST) { + if(xmlSecNssSignatureAlgorithmEncoded(ctx->alg)) { /* This creates a signature which is ASN1 encoded */ SECItem * signatureClr; - signatureClr = DSAU_DecodeDerSig(&signature); - if(signatureClr == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "DSAU_EncodeDerSig", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", - PORT_GetError()); - SECITEM_FreeItem(&signature, PR_FALSE); - return(-1); + if(ctx->alg == SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST) { + signatureClr = DSAU_DecodeDerSig(&signature); + if(signatureClr == NULL) { + xmlSecNssError("DSAU_DecodeDerSig", + xmlSecTransformGetName(transform)); + SECITEM_FreeItem(&signature, PR_FALSE); + return(-1); + } + } else { + /* In the ECDSA case the signature length depends on the + * key parameters. 
*/ + int signatureSize = PK11_SignatureLen(ctx->u.sig.privkey); + if(signatureSize < 1) { + xmlSecNssError("PK11_SignatureLen", + xmlSecTransformGetName(transform)); + SECITEM_FreeItem(&signature, PR_FALSE); + return(-1); + } + + signatureClr = DSAU_DecodeDerSigToLen(&signature, signatureSize); + if(signatureClr == NULL) { + xmlSecNssError("DSAU_DecodeDerSigToLen", + xmlSecTransformGetName(transform)); + SECITEM_FreeItem(&signature, PR_FALSE); + return(-1); + } } ret = xmlSecBufferSetData(out, signatureClr->data, signatureClr->len); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", - signatureClr->len); + xmlSecInternalError2("xmlSecBufferSetData", + xmlSecTransformGetName(transform), + "size=%d", signatureClr->len); SECITEM_FreeItem(&signature, PR_FALSE); return(-1); } @@ -517,12 +612,9 @@ xmlSecNssSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor /* This signature is used as-is */ ret = xmlSecBufferSetData(out, signature.data, signature.len); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", - signature.len); + xmlSecInternalError2("xmlSecBufferSetData", + xmlSecTransformGetName(transform), + "size=%d", signature.len); SECITEM_FreeItem(&signature, PR_FALSE); return(-1); } @@ -539,11 +631,7 @@ xmlSecNssSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor /* the only way we can get here is if there is no input */ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } 
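Review bot: `signatureClr` is not released when `xmlSecBufferSetData(out, signatureClr->data, signatureClr->len)` fails: that branch frees only `signature` before `return(-1)`, so the item returned by `DSAU_DecodeDerSig` or `DSAU_DecodeDerSigToLen` is leaked. Add `SECITEM_FreeItem(signatureClr, PR_TRUE);` next to the existing `SECITEM_FreeItem(&signature, PR_FALSE);` in that branch. The comment "In the ECDSA case the signature length depends on the key parameters" is also incomplete, because the `else` arm is taken for every encoded algorithm except DSA-SHA1, which per xmlSecNssSignatureAlgorithmEncoded includes DSA-SHA256; something like `/* DSA-SHA256 and ECDSA: the raw length depends on the key parameters */` would match the code. Separately, `"size=%d"` is given `signatureClr->len`, and `signature.len` in the next hunk, which the use of `SECItem` suggests is unsigned, so `%u` would be the matching conversion. The success-path cleanup is outside the hunk.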
@@ -551,6 +639,7 @@ xmlSecNssSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor } #ifndef XMLSEC_NO_DSA +#ifndef XMLSEC_NO_SHA1 /**************************************************************************** * * DSA-SHA1 signature transform 
@@ -595,9 +684,295 @@ xmlSecTransformId xmlSecNssTransformDsaSha1GetKlass(void) { return(&xmlSecNssDsaSha1Klass); } +#endif /* XMLSEC_NO_SHA1 */ + +#ifndef XMLSEC_NO_SHA256 +/**************************************************************************** + * + * DSA-SHA256 signature transform + * + ***************************************************************************/ + +static xmlSecTransformKlass xmlSecNssDsaSha256Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssSignatureSize, /* xmlSecSize objSize */ + + xmlSecNameDsaSha256, /* const xmlChar* name; */ + xmlSecHrefDsaSha256, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecNssSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecNssSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecNssSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecNssSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecNssSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecNssSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecNssTransformDsaSha256GetKlass: + * + * The DSA-SHA256 signature transform klass. + * + * Returns: DSA-SHA256 signature transform klass. 
+ */ +xmlSecTransformId +xmlSecNssTransformDsaSha256GetKlass(void) { + return(&xmlSecNssDsaSha256Klass); +} +#endif /* XMLSEC_NO_SHA256 */ #endif /* XMLSEC_NO_DSA */ +#ifndef XMLSEC_NO_ECDSA +#ifndef XMLSEC_NO_SHA1 +/**************************************************************************** + * + * ECDSA-SHA1 signature transform + * + ***************************************************************************/ + +static xmlSecTransformKlass xmlSecNssEcdsaSha1Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssSignatureSize, /* xmlSecSize objSize */ + + xmlSecNameEcdsaSha1, /* const xmlChar* name; */ + xmlSecHrefEcdsaSha1, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecNssSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecNssSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecNssSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecNssSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecNssSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecNssSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecNssTransformEcdsaSha1GetKlass: + * + * The ECDSA-SHA1 signature transform klass. + * + * Returns: ECDSA-SHA1 signature transform klass. 
+ */ +xmlSecTransformId +xmlSecNssTransformEcdsaSha1GetKlass(void) { + return(&xmlSecNssEcdsaSha1Klass); +} + +#endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA224 +/**************************************************************************** + * + * ECDSA-SHA224 signature transform + * + ***************************************************************************/ + +static xmlSecTransformKlass xmlSecNssEcdsaSha224Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssSignatureSize, /* xmlSecSize objSize */ + + xmlSecNameEcdsaSha224, /* const xmlChar* name; */ + xmlSecHrefEcdsaSha224, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecNssSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecNssSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecNssSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecNssSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecNssSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecNssSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecNssTransformEcdsaSha224GetKlass: + * + * The ECDSA-SHA224 signature transform klass. + * + * Returns: ECDSA-SHA224 signature transform klass. 
+ */ +xmlSecTransformId +xmlSecNssTransformEcdsaSha224GetKlass(void) { + return(&xmlSecNssEcdsaSha224Klass); +} + +#endif /* XMLSEC_NO_SHA224 */ +#ifndef XMLSEC_NO_SHA256 +/**************************************************************************** + * + * ECDSA-SHA256 signature transform + * + ***************************************************************************/ + +static xmlSecTransformKlass xmlSecNssEcdsaSha256Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssSignatureSize, /* xmlSecSize objSize */ + + xmlSecNameEcdsaSha256, /* const xmlChar* name; */ + xmlSecHrefEcdsaSha256, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecNssSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecNssSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecNssSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecNssSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecNssSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecNssSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecNssTransformEcdsaSha256GetKlass: + * + * The ECDSA-SHA256 signature transform klass. + * + * Returns: ECDSA-SHA256 signature transform klass. 
+ */ +xmlSecTransformId +xmlSecNssTransformEcdsaSha256GetKlass(void) { + return(&xmlSecNssEcdsaSha256Klass); +} + +#endif /* XMLSEC_NO_SHA256 */ +#ifndef XMLSEC_NO_SHA384 +/**************************************************************************** + * + * ECDSA-SHA384 signature transform + * + ***************************************************************************/ + +static xmlSecTransformKlass xmlSecNssEcdsaSha384Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssSignatureSize, /* xmlSecSize objSize */ + + xmlSecNameEcdsaSha384, /* const xmlChar* name; */ + xmlSecHrefEcdsaSha384, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecNssSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecNssSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecNssSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecNssSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecNssSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecNssSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecNssTransformEcdsaSha384GetKlass: + * + * The ECDSA-SHA384 signature transform klass. + * + * Returns: ECDSA-SHA384 signature transform klass. 
+ */ +xmlSecTransformId +xmlSecNssTransformEcdsaSha384GetKlass(void) { + return(&xmlSecNssEcdsaSha384Klass); +} + +#endif /* XMLSEC_NO_SHA384 */ +#ifndef XMLSEC_NO_SHA512 +/**************************************************************************** + * + * ECDSA-SHA512 signature transform + * + ***************************************************************************/ + +static xmlSecTransformKlass xmlSecNssEcdsaSha512Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssSignatureSize, /* xmlSecSize objSize */ + + xmlSecNameEcdsaSha512, /* const xmlChar* name; */ + xmlSecHrefEcdsaSha512, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecNssSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecNssSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecNssSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecNssSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecNssSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecNssSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecNssTransformEcdsaSha512GetKlass: + * + * The ECDSA-SHA512 signature transform klass. + * + * Returns: ECDSA-SHA512 signature transform klass. 
+ */ +xmlSecTransformId +xmlSecNssTransformEcdsaSha512GetKlass(void) { + return(&xmlSecNssEcdsaSha512Klass); +} + +#endif /* XMLSEC_NO_SHA512 */ +#endif /* XMLSEC_NO_ECDSA */ + #ifndef XMLSEC_NO_RSA #ifndef XMLSEC_NO_MD5 
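Review bot: The new ECDSA-SHA1 klass section says nothing about being a SHA-1 based signature method, although it is the one algorithm added here that a deployment verifying untrusted documents is most likely to want switched off. Its only visible control is the `XMLSEC_NO_SHA1` guard, so I would state that in the banner comment, e.g. `/* SHA-1 based: kept for interoperability; compiled out with XMLSEC_NO_SHA1 */`, and add the same line to the DSA-SHA1 section guarded in the preceding hunk. Whether applications can also restrict accepted signature methods at run time is not visible from this file.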
@@ -695,6 +1070,52 @@ xmlSecNssTransformRsaSha1GetKlass(void) { #endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA224 +/**************************************************************************** + * + * RSA-SHA224 signature transform + * + ***************************************************************************/ +static xmlSecTransformKlass xmlSecNssRsaSha224Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssSignatureSize, /* xmlSecSize objSize */ + + xmlSecNameRsaSha224, /* const xmlChar* name; */ + xmlSecHrefRsaSha224, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecNssSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecNssSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecNssSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecNssSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecNssSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecNssSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecNssTransformRsaSha224GetKlass: + * + * The RSA-SHA224 signature transform klass. + * + * Returns: RSA-SHA224 signature transform klass. 
+ */ +xmlSecTransformId +xmlSecNssTransformRsaSha224GetKlass(void) { + return(&xmlSecNssRsaSha224Klass); +} + +#endif /* XMLSEC_NO_SHA224 */ #ifndef XMLSEC_NO_SHA256 /**************************************************************************** * |