From 07bb297329b9e9754d09dcb6d70417272a626619 Mon Sep 17 00:00:00 2001 From: Anas Nashif Date: Thu, 22 Nov 2012 10:31:06 -0800 Subject: Imported Upstream version 1.2.14 --- src/nss/keytrans.c | 1235 ++++++++++++++++++++++++++-------------------------- 1 file changed, 613 insertions(+), 622 deletions(-) (limited to 'src/nss/keytrans.c') diff --git a/src/nss/keytrans.c b/src/nss/keytrans.c index d84593b9..5d256c22 100644 --- a/src/nss/keytrans.c +++ b/src/nss/keytrans.c @@ -1,12 +1,12 @@ -/** +/** * * XMLSec library - * + * * AES Algorithm support - * + * * This is free software; see Copyright file in the source * distribution for preciese wording. - * + * * Copyright ................................. */ #include "globals.h" @@ -32,722 +32,713 @@ /********************************************************************* * - * Key transport transforms + * key transform transforms * ********************************************************************/ -typedef struct _xmlSecNssKeyTransportCtx xmlSecNssKeyTransportCtx; -typedef struct _xmlSecNssKeyTransportCtx* xmlSecNssKeyTransportCtxPtr; +typedef struct _xmlSecNssKeyTransportCtx xmlSecNssKeyTransportCtx; +typedef struct _xmlSecNssKeyTransportCtx* xmlSecNssKeyTransportCtxPtr; -#define xmlSecNssKeyTransportSize \ - ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyTransportCtx ) ) +#define xmlSecNssKeyTransportSize \ + ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyTransportCtx ) ) #define xmlSecNssKeyTransportGetCtx( transform ) \ - ( ( xmlSecNssKeyTransportCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) ) + ( ( xmlSecNssKeyTransportCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) ) struct _xmlSecNssKeyTransportCtx { - CK_MECHANISM_TYPE cipher ; - SECKEYPublicKey* pubkey ; - SECKEYPrivateKey* prikey ; - xmlSecKeyDataId keyId ; - xmlSecBufferPtr material ; /* to be encrypted/decrypted material */ + CK_MECHANISM_TYPE cipher ; + SECKEYPublicKey* pubkey ; + SECKEYPrivateKey* prikey ; + xmlSecKeyDataId keyId ; + xmlSecBufferPtr material ; /* to be encrypted/decrypted material */ } ; -static int xmlSecNssKeyTransportInitialize (xmlSecTransformPtr transform); -static void xmlSecNssKeyTransportFinalize (xmlSecTransformPtr transform); -static int xmlSecNssKeyTransportSetKeyReq (xmlSecTransformPtr transform, - xmlSecKeyReqPtr keyReq); -static int xmlSecNssKeyTransportSetKey (xmlSecTransformPtr transform, - xmlSecKeyPtr key); -static int xmlSecNssKeyTransportExecute (xmlSecTransformPtr transform, - int last, - xmlSecTransformCtxPtr transformCtx); +static int xmlSecNssKeyTransportInitialize(xmlSecTransformPtr transform); +static void xmlSecNssKeyTransportFinalize(xmlSecTransformPtr transform); +static int xmlSecNssKeyTransportSetKeyReq(xmlSecTransformPtr transform, + xmlSecKeyReqPtr keyReq); +static int xmlSecNssKeyTransportSetKey(xmlSecTransformPtr transform, + xmlSecKeyPtr key); +static int xmlSecNssKeyTransportExecute(xmlSecTransformPtr transform, + int last, + xmlSecTransformCtxPtr transformCtx); static int xmlSecNssKeyTransportCheckId(xmlSecTransformPtr transform) { - -#ifndef XMLSEC_NO_RSA - if(xmlSecTransformCheckId(transform, xmlSecNssTransformRsaPkcs1Id)) { - return(1); - } -#endif /* XMLSEC_NO_RSA */ - -/* aleksey, April 2010: NSS 3.12.6 has CKM_RSA_PKCS_OAEP algorithm but - it doesn't implement the SHA1 OAEP PKCS we need - - https://bugzilla.mozilla.org/show_bug.cgi?id=158747 -*/ -#ifdef XMLSEC_NSS_RSA_OAEP_TODO #ifndef XMLSEC_NO_RSA - if(xmlSecTransformCheckId(transform, xmlSecNssTransformRsaOaepId)) { - return (1); + if( xmlSecTransformCheckId( transform, xmlSecNssTransformRsaPkcs1Id ) +/* RSA OAEP is not supported by NSS yet */ +#ifdef TODO + || xmlSecTransformCheckId( transform, xmlSecNssTransformRsaOaepId ) +#endif /* TODO: RSA OAEP is not supported by NSS yet */ + + ) { + + return(1); } #endif /* XMLSEC_NO_RSA */ -#endif /* XMLSEC_NSS_RSA_OAEP_TODO */ - - /* not found */ + return(0); } -static int +static int xmlSecNssKeyTransportInitialize(xmlSecTransformPtr transform) { - xmlSecNssKeyTransportCtxPtr context ; + xmlSecNssKeyTransportCtxPtr context ; xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1); xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1); - - context = xmlSecNssKeyTransportGetCtx( transform ) ; - xmlSecAssert2( context != NULL , -1 ) ; - - /* initialize context */ - memset(context, 0, sizeof(xmlSecNssKeyTransportCtx)); + + context = xmlSecNssKeyTransportGetCtx( transform ) ; + xmlSecAssert2( context != NULL , -1 ) ; #ifndef XMLSEC_NO_RSA - if(transform->id == xmlSecNssTransformRsaPkcs1Id) { - context->cipher = CKM_RSA_PKCS; - context->keyId = xmlSecNssKeyDataRsaId; - } else -#endif /* XMLSEC_NO_RSA */ - -/* aleksey, April 2010: NSS 3.12.6 has CKM_RSA_PKCS_OAEP algorithm but - it doesn't implement the SHA1 OAEP PKCS we need - - https://bugzilla.mozilla.org/show_bug.cgi?id=158747 -*/ -#ifdef XMLSEC_NSS_RSA_OAEP_TODO -#ifndef XMLSEC_NO_RSA - if(transform->id == xmlSecNssTransformRsaOaepId) { - context->cipher = CKM_RSA_PKCS_OAEP; - context->keyId = xmlSecNssKeyDataRsaId; - } else -#endif /* XMLSEC_NO_RSA */ -#endif /* XMLSEC_NSS_RSA_OAEP_TODO */ - - /* not found */ - { - xmlSecError(XMLSEC_ERRORS_HERE , - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); - } + if( transform->id == xmlSecNssTransformRsaPkcs1Id ) { + context->cipher = CKM_RSA_PKCS ; + context->keyId = xmlSecNssKeyDataRsaId ; +/* RSA OAEP is not supported by NSS yet */ +#ifdef TODO + } else if( transform->id == xmlSecNssTransformRsaOaepId ) { + context->cipher = CKM_RSA_PKCS_OAEP ; + context->keyId = xmlSecNssKeyDataRsaId ; +#endif /* TODO: RSA OAEP is not supported by NSS yet */ + } else +#endif /* XMLSEC_NO_RSA */ + + if( 1 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), + NULL , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + context->pubkey = NULL ; + context->prikey = NULL ; + context->material = NULL ; return(0); } -static void +static void xmlSecNssKeyTransportFinalize(xmlSecTransformPtr transform) { - xmlSecNssKeyTransportCtxPtr context ; - + xmlSecNssKeyTransportCtxPtr context ; + xmlSecAssert(xmlSecNssKeyTransportCheckId(transform)); xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize)); - - context = xmlSecNssKeyTransportGetCtx( transform ) ; - xmlSecAssert( context != NULL ) ; - - if( context->pubkey != NULL ) { - SECKEY_DestroyPublicKey( context->pubkey ) ; - context->pubkey = NULL ; - } - - if( context->prikey != NULL ) { - SECKEY_DestroyPrivateKey( context->prikey ) ; - context->prikey = NULL ; - } - - if( context->material != NULL ) { - xmlSecBufferDestroy(context->material); - context->material = NULL ; - } + + context = xmlSecNssKeyTransportGetCtx( transform ) ; + xmlSecAssert( context != NULL ) ; + + if( context->pubkey != NULL ) { + SECKEY_DestroyPublicKey( context->pubkey ) ; + context->pubkey = NULL ; + } + + if( context->prikey != NULL ) { + SECKEY_DestroyPrivateKey( context->prikey ) ; + context->prikey = NULL ; + } + + if( context->material != NULL ) { + xmlSecBufferDestroy(context->material); + context->material = NULL ; + } } -static int +static int xmlSecNssKeyTransportSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) { - xmlSecNssKeyTransportCtxPtr context ; - + xmlSecNssKeyTransportCtxPtr context ; + xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1); xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1); xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); xmlSecAssert2(keyReq != NULL, -1); + + context = xmlSecNssKeyTransportGetCtx( transform ) ; + xmlSecAssert2( context != NULL , -1 ) ; - context = xmlSecNssKeyTransportGetCtx( transform ) ; - xmlSecAssert2( context != NULL , -1 ) ; - - keyReq->keyId = context->keyId; + keyReq->keyId = context->keyId; if(transform->operation == xmlSecTransformOperationEncrypt) { - keyReq->keyUsage = xmlSecKeyUsageEncrypt; - keyReq->keyType = xmlSecKeyDataTypePublic; + keyReq->keyUsage = xmlSecKeyUsageEncrypt; + keyReq->keyType = xmlSecKeyDataTypePublic; } else { - keyReq->keyUsage = xmlSecKeyUsageDecrypt; - keyReq->keyType = xmlSecKeyDataTypePrivate; + keyReq->keyUsage = xmlSecKeyUsageDecrypt; + keyReq->keyType = xmlSecKeyDataTypePrivate; } return(0); } -static int +static int xmlSecNssKeyTransportSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { - xmlSecNssKeyTransportCtxPtr context = NULL ; - xmlSecKeyDataPtr keyData = NULL ; - SECKEYPublicKey* pubkey = NULL ; - SECKEYPrivateKey* prikey = NULL ; + xmlSecNssKeyTransportCtxPtr context = NULL ; + xmlSecKeyDataPtr keyData = NULL ; + SECKEYPublicKey* pubkey = NULL ; + SECKEYPrivateKey* prikey = NULL ; xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1); xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1); xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); xmlSecAssert2(key != NULL, -1); - context = xmlSecNssKeyTransportGetCtx( transform ) ; - if( (context == NULL) || (context->keyId == NULL) || (context->pubkey != NULL) ) { - xmlSecError( XMLSEC_ERRORS_HERE , - xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , - "xmlSecNssKeyTransportGetCtx" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); - } - xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ; - - keyData = xmlSecKeyGetValue( key ) ; - if( keyData == NULL ) { - xmlSecError( XMLSEC_ERRORS_HERE , - xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) , - "xmlSecKeyGetValue" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); - } + context = xmlSecNssKeyTransportGetCtx( transform ) ; + if( (context == NULL) || (context->keyId == NULL) || (context->pubkey != NULL) ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , + "xmlSecNssKeyTransportGetCtx" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ; + + keyData = xmlSecKeyGetValue( key ) ; + if( keyData == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) , + "xmlSecKeyGetValue" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } if(transform->operation == xmlSecTransformOperationEncrypt) { - if( ( pubkey = xmlSecNssPKIKeyDataGetPubKey( keyData ) ) == NULL ) { - xmlSecError( XMLSEC_ERRORS_HERE , - xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) , - "xmlSecNssPKIKeyDataGetPubKey" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); - } - - context->pubkey = pubkey ; - } else { - if( ( prikey = xmlSecNssPKIKeyDataGetPrivKey( keyData ) ) == NULL ) { - xmlSecError( XMLSEC_ERRORS_HERE , - xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) , - "xmlSecNssPKIKeyDataGetPrivKey" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); - } - - context->prikey = prikey ; - } - - return(0) ; + if( ( pubkey = xmlSecNssPKIKeyDataGetPubKey( keyData ) ) == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) , + "xmlSecNssPKIKeyDataGetPubKey" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + context->pubkey = pubkey ; + } else { + if( ( prikey = xmlSecNssPKIKeyDataGetPrivKey( keyData ) ) == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) , + "xmlSecNssPKIKeyDataGetPrivKey" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + context->prikey = prikey ; + } + + return(0) ; } -static int +/** + * key wrap transform + */ +static int xmlSecNssKeyTransportCtxInit( - xmlSecNssKeyTransportCtxPtr ctx , - xmlSecBufferPtr in , - xmlSecBufferPtr out , - int encrypt , - xmlSecTransformCtxPtr transformCtx + xmlSecNssKeyTransportCtxPtr ctx , + xmlSecBufferPtr in , + xmlSecBufferPtr out , + int encrypt , + xmlSecTransformCtxPtr transformCtx ) { - int blockSize ; - - xmlSecAssert2( ctx != NULL , -1 ) ; - xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; - xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ; - xmlSecAssert2( ctx->keyId != NULL , -1 ) ; - xmlSecAssert2( in != NULL , -1 ) ; - xmlSecAssert2( out != NULL , -1 ) ; - xmlSecAssert2( transformCtx != NULL , -1 ) ; - - if( ctx->material != NULL ) { - xmlSecBufferDestroy( ctx->material ) ; - ctx->material = NULL ; - } - - if( ctx->pubkey != NULL ) { - blockSize = SECKEY_PublicKeyStrength( ctx->pubkey ) ; - } else if( ctx->prikey != NULL ) { - blockSize = PK11_SignatureLen( ctx->prikey ) ; - } else { - blockSize = -1 ; - } - - if( blockSize < 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - NULL , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); - } - - ctx->material = xmlSecBufferCreate( blockSize ) ; - if( ctx->material == NULL ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "xmlSecBufferCreate" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); - } - - /* read raw key material into context */ - if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "xmlSecBufferSetData" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); - } - - if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "xmlSecBufferRemoveHead" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); - } - - return(0); + int blockSize ; + + xmlSecAssert2( ctx != NULL , -1 ) ; + xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; + xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ; + xmlSecAssert2( ctx->keyId != NULL , -1 ) ; + xmlSecAssert2( in != NULL , -1 ) ; + xmlSecAssert2( out != NULL , -1 ) ; + xmlSecAssert2( transformCtx != NULL , -1 ) ; + + if( ctx->material != NULL ) { + xmlSecBufferDestroy( ctx->material ) ; + ctx->material = NULL ; + } + + if( ctx->pubkey != NULL ) { + blockSize = SECKEY_PublicKeyStrength( ctx->pubkey ) ; + } else if( ctx->prikey != NULL ) { + blockSize = PK11_SignatureLen( ctx->prikey ) ; + } else { + blockSize = -1 ; + } + + if( blockSize < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + NULL , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + ctx->material = xmlSecBufferCreate( blockSize ) ; + if( ctx->material == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecBufferCreate" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + /* read raw key material into context */ + if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecBufferSetData" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecBufferRemoveHead" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + return(0); } -static int +/** + * key wrap transform update + */ +static int xmlSecNssKeyTransportCtxUpdate( - xmlSecNssKeyTransportCtxPtr ctx , - xmlSecBufferPtr in , - xmlSecBufferPtr out , - int encrypt , - xmlSecTransformCtxPtr transformCtx + xmlSecNssKeyTransportCtxPtr ctx , + xmlSecBufferPtr in , + xmlSecBufferPtr out , + int encrypt , + xmlSecTransformCtxPtr transformCtx ) { - xmlSecAssert2( ctx != NULL , -1 ) ; - xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; - xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ; - xmlSecAssert2( ctx->keyId != NULL , -1 ) ; - xmlSecAssert2( ctx->material != NULL , -1 ) ; - xmlSecAssert2( in != NULL , -1 ) ; - xmlSecAssert2( out != NULL , -1 ) ; - xmlSecAssert2( transformCtx != NULL , -1 ) ; - - /* read raw key material and append into context */ - if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "xmlSecBufferAppend" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); - } - - if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "xmlSecBufferRemoveHead" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); - } - - return(0); + xmlSecAssert2( ctx != NULL , -1 ) ; + xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; + xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ; + xmlSecAssert2( ctx->keyId != NULL , -1 ) ; + xmlSecAssert2( ctx->material != NULL , -1 ) ; + xmlSecAssert2( in != NULL , -1 ) ; + xmlSecAssert2( out != NULL , -1 ) ; + xmlSecAssert2( transformCtx != NULL , -1 ) ; + + /* read raw key material and append into context */ + if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecBufferAppend" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecBufferRemoveHead" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + return(0); } -static int -xmlSecNssKeyTransportCtxFinal(xmlSecNssKeyTransportCtxPtr ctx, xmlSecBufferPtr in, xmlSecBufferPtr out, +/** + * Block cipher transform final + */ +static int +xmlSecNssKeyTransportCtxFinal(xmlSecNssKeyTransportCtxPtr ctx, xmlSecBufferPtr in, xmlSecBufferPtr out, int encrypt, xmlSecTransformCtxPtr transformCtx) { - PK11SymKey* symKey ; - PK11SlotInfo* slot ; - SECItem oriskv ; - int blockSize ; - xmlSecBufferPtr result ; - - xmlSecAssert2( ctx != NULL , -1 ) ; - xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; - xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ; - xmlSecAssert2( ctx->keyId != NULL , -1 ) ; - xmlSecAssert2( ctx->material != NULL , -1 ) ; - xmlSecAssert2( in != NULL , -1 ) ; - xmlSecAssert2( out != NULL , -1 ) ; - xmlSecAssert2( transformCtx != NULL , -1 ) ; - - /* read raw key material and append into context */ - if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "xmlSecBufferAppend" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); - } - - if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "xmlSecBufferRemoveHead" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); - } - - /* Now we get all of the key materail */ - /* from now on we will wrap or unwrap the key */ - if( ctx->pubkey != NULL ) { - blockSize = SECKEY_PublicKeyStrength( ctx->pubkey ) ; - } else if( ctx->prikey != NULL ) { - blockSize = PK11_SignatureLen( ctx->prikey ) ; - } else { - blockSize = -1 ; - } - - if( blockSize < 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "PK11_GetBlockSize" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); - } - - result = xmlSecBufferCreate( blockSize * 2 ) ; - if( result == NULL ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL, - "xmlSecBufferCreate" , - XMLSEC_ERRORS_R_XMLSEC_FAILED , - XMLSEC_ERRORS_NO_MESSAGE) ; - return(-1); - } - - oriskv.type = siBuffer ; - oriskv.data = xmlSecBufferGetData( ctx->material ) ; - oriskv.len = xmlSecBufferGetSize( ctx->material ) ; - - if( encrypt != 0 ) { - CK_OBJECT_HANDLE id ; - SECItem wrpskv ; - - /* Create template symmetric key from material */ - slot = ctx->pubkey->pkcs11Slot; - if( slot == NULL ) { - slot = PK11_GetBestSlot( ctx->cipher, NULL ) ; - if( slot == NULL ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "xmlSecNssSlotGet" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - xmlSecBufferDestroy(result); - return(-1); - } - - id = PK11_ImportPublicKey( slot, ctx->pubkey, PR_FALSE ) ; - if( id == CK_INVALID_HANDLE ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "PK11_ImportPublicKey" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - xmlSecBufferDestroy(result); - PK11_FreeSlot( slot ) ; - return(-1); - } - } - - /* pay attention to mechanism */ - symKey = PK11_ImportSymKey( slot, ctx->cipher, PK11_OriginUnwrap, CKA_WRAP, &oriskv, NULL ) ; - if( symKey == NULL ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "PK11_ImportSymKey" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - xmlSecBufferDestroy(result); - PK11_FreeSlot( slot ) ; - return(-1); - } - - wrpskv.type = siBuffer ; - wrpskv.data = xmlSecBufferGetData( result ) ; - wrpskv.len = xmlSecBufferGetMaxSize( result ) ; - - if( PK11_PubWrapSymKey( ctx->cipher, ctx->pubkey, symKey, &wrpskv ) != SECSuccess ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "PK11_PubWrapSymKey" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - PK11_FreeSymKey( symKey ) ; - xmlSecBufferDestroy(result); - PK11_FreeSlot( slot ) ; - return(-1); - } - - if( xmlSecBufferSetSize( result , wrpskv.len ) < 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "xmlSecBufferSetSize" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - PK11_FreeSymKey( symKey ) ; - xmlSecBufferDestroy(result); - PK11_FreeSlot( slot ) ; - return(-1); - } - PK11_FreeSymKey( symKey ) ; - PK11_FreeSlot( slot ) ; - } else { - SECItem* keyItem ; - - /* pay attention to mechanism */ - symKey = PK11_PubUnwrapSymKey( ctx->prikey, &oriskv, ctx->cipher, CKA_UNWRAP, 0 ); - if( symKey == NULL ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "PK11_PubUnwrapSymKey" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - xmlSecBufferDestroy(result); - return(-1); - } - - /* Extract raw data from symmetric key */ - if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "PK11_ExtractKeyValue" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - PK11_FreeSymKey( symKey ) ; - xmlSecBufferDestroy(result); - return(-1); - } - - keyItem = PK11_GetKeyData( symKey ); - if( keyItem == NULL ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "PK11_GetKeyData" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - PK11_FreeSymKey( symKey ) ; - xmlSecBufferDestroy(result); - return(-1); - } - - if( xmlSecBufferSetData( result, keyItem->data, keyItem->len ) < 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "PK11_PubUnwrapSymKey" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - PK11_FreeSymKey( symKey ) ; - xmlSecBufferDestroy(result); - return(-1); - } - PK11_FreeSymKey( symKey ) ; - } - - /* Write output */ - if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "xmlSecBufferAppend" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - xmlSecBufferDestroy(result); - return(-1); - } - xmlSecBufferDestroy(result); - - return(0); + PK11SymKey* symKey ; + PK11SlotInfo* slot ; + SECItem oriskv ; + int blockSize ; + xmlSecBufferPtr result ; + + xmlSecAssert2( ctx != NULL , -1 ) ; + xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; + xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ; + xmlSecAssert2( ctx->keyId != NULL , -1 ) ; + xmlSecAssert2( ctx->material != NULL , -1 ) ; + xmlSecAssert2( in != NULL , -1 ) ; + xmlSecAssert2( out != NULL , -1 ) ; + xmlSecAssert2( transformCtx != NULL , -1 ) ; + + /* read raw key material and append into context */ + if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecBufferAppend" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecBufferRemoveHead" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + /* Now we get all of the key materail */ + /* from now on we will wrap or unwrap the key */ + if( ctx->pubkey != NULL ) { + blockSize = SECKEY_PublicKeyStrength( ctx->pubkey ) ; + } else if( ctx->prikey != NULL ) { + blockSize = PK11_SignatureLen( ctx->prikey ) ; + } else { + blockSize = -1 ; + } + + if( blockSize < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "PK11_GetBlockSize" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + result = xmlSecBufferCreate( blockSize * 2 ) ; + if( result == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL, + "xmlSecBufferCreate" , + XMLSEC_ERRORS_R_XMLSEC_FAILED , + XMLSEC_ERRORS_NO_MESSAGE) ; + return(-1); + } + + oriskv.type = siBuffer ; + oriskv.data = xmlSecBufferGetData( ctx->material ) ; + oriskv.len = xmlSecBufferGetSize( ctx->material ) ; + + if( encrypt != 0 ) { + CK_OBJECT_HANDLE id ; + SECItem wrpskv ; + + /* Create template symmetric key from material */ + slot = ctx->pubkey->pkcs11Slot; + if( slot == NULL ) { + slot = PK11_GetBestSlot( ctx->cipher, NULL ) ; + if( slot == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecNssSlotGet" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecBufferDestroy(result); + return(-1); + } + + id = PK11_ImportPublicKey( slot, ctx->pubkey, PR_FALSE ) ; + if( id == CK_INVALID_HANDLE ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "PK11_ImportPublicKey" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecBufferDestroy(result); + PK11_FreeSlot( slot ) ; + return(-1); + } + } + + /* pay attention to mechanism */ + symKey = PK11_ImportSymKey( slot, ctx->cipher, PK11_OriginUnwrap, CKA_WRAP, &oriskv, NULL ) ; + if( symKey == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "PK11_ImportSymKey" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecBufferDestroy(result); + PK11_FreeSlot( slot ) ; + return(-1); + } + + wrpskv.type = siBuffer ; + wrpskv.data = xmlSecBufferGetData( result ) ; + wrpskv.len = xmlSecBufferGetMaxSize( result ) ; + + if( PK11_PubWrapSymKey( ctx->cipher, ctx->pubkey, symKey, &wrpskv ) != SECSuccess ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "PK11_PubWrapSymKey" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + PK11_FreeSymKey( symKey ) ; + xmlSecBufferDestroy(result); + PK11_FreeSlot( slot ) ; + return(-1); + } + + if( xmlSecBufferSetSize( result , wrpskv.len ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecBufferSetSize" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + PK11_FreeSymKey( symKey ) ; + xmlSecBufferDestroy(result); + PK11_FreeSlot( slot ) ; + return(-1); + } + PK11_FreeSymKey( symKey ) ; + PK11_FreeSlot( slot ) ; + } else { + SECItem* keyItem ; + + /* pay attention to mechanism */ + symKey = PK11_PubUnwrapSymKey( ctx->prikey, &oriskv, ctx->cipher, CKA_UNWRAP, 0 ); + if( symKey == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "PK11_PubUnwrapSymKey" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecBufferDestroy(result); + return(-1); + } + + /* Extract raw data from symmetric key */ + if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "PK11_ExtractKeyValue" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + PK11_FreeSymKey( symKey ) ; + xmlSecBufferDestroy(result); + return(-1); + } + + keyItem = PK11_GetKeyData( symKey ); + if( keyItem == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "PK11_GetKeyData" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + PK11_FreeSymKey( symKey ) ; + xmlSecBufferDestroy(result); + return(-1); + } + + if( xmlSecBufferSetData( result, keyItem->data, keyItem->len ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "PK11_PubUnwrapSymKey" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + PK11_FreeSymKey( symKey ) ; + xmlSecBufferDestroy(result); + return(-1); + } + PK11_FreeSymKey( symKey ) ; + } + + /* Write output */ + if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + NULL , + "xmlSecBufferAppend" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecBufferDestroy(result); + return(-1); + } + xmlSecBufferDestroy(result); + + return(0); } -static int +static int xmlSecNssKeyTransportExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { - xmlSecNssKeyTransportCtxPtr context = NULL ; - xmlSecBufferPtr inBuf, outBuf ; - int operation ; - int rtv ; - - xmlSecAssert2( xmlSecNssKeyTransportCheckId( transform ), -1 ) ; - xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyTransportSize ), -1 ) ; - xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; - xmlSecAssert2( transformCtx != NULL , -1 ) ; - - context = xmlSecNssKeyTransportGetCtx( transform ) ; - if( context == NULL ) { - xmlSecError( XMLSEC_ERRORS_HERE , - xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , - "xmlSecNssKeyTransportGetCtx" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); - } - - inBuf = &( transform->inBuf ) ; - outBuf = &( transform->outBuf ) ; - - if( transform->status == xmlSecTransformStatusNone ) { - transform->status = xmlSecTransformStatusWorking ; - } - - operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ; - if( transform->status == xmlSecTransformStatusWorking ) { - if( context->material == NULL ) { - rtv = xmlSecNssKeyTransportCtxInit( context, inBuf , outBuf , operation , transformCtx ) ; - if( rtv < 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , - "xmlSecNssKeyTransportCtxInit" , - XMLSEC_ERRORS_R_INVALID_STATUS , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); - } - } - - if( (context->material == NULL) && (last != 0) ) { - xmlSecError( XMLSEC_ERRORS_HERE , - xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , - NULL , - XMLSEC_ERRORS_R_INVALID_STATUS , - "No enough data to intialize transform" ) ; - return(-1); - } - - if( context->material != NULL ) { - rtv = xmlSecNssKeyTransportCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ; - if( rtv < 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , - "xmlSecNssKeyTransportCtxUpdate" , - XMLSEC_ERRORS_R_INVALID_STATUS , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); - } - } - - if( last ) { - rtv = xmlSecNssKeyTransportCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ; - if( rtv < 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , - "xmlSecNssKeyTransportCtxFinal" , - XMLSEC_ERRORS_R_INVALID_STATUS , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); - } - transform->status = xmlSecTransformStatusFinished ; - } - } else if( transform->status == xmlSecTransformStatusFinished ) { - if( xmlSecBufferGetSize( inBuf ) != 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , - NULL , - XMLSEC_ERRORS_R_INVALID_STATUS , - "status=%d", transform->status ) ; - return(-1); - } - } else { - xmlSecError( XMLSEC_ERRORS_HERE , - xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , - NULL , - XMLSEC_ERRORS_R_INVALID_STATUS , - "status=%d", transform->status ) ; - return(-1); - } - - return(0); + xmlSecNssKeyTransportCtxPtr context = NULL ; + xmlSecBufferPtr inBuf, outBuf ; + int operation ; + int rtv ; + + xmlSecAssert2( xmlSecNssKeyTransportCheckId( transform ), -1 ) ; + xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyTransportSize ), -1 ) ; + xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; + xmlSecAssert2( transformCtx != NULL , -1 ) ; + + context = xmlSecNssKeyTransportGetCtx( transform ) ; + if( context == NULL ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , + "xmlSecNssKeyTransportGetCtx" , + XMLSEC_ERRORS_R_CRYPTO_FAILED , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + + inBuf = &( transform->inBuf ) ; + outBuf = &( transform->outBuf ) ; + + if( transform->status == xmlSecTransformStatusNone ) { + transform->status = xmlSecTransformStatusWorking ; + } + + operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ; + if( transform->status == xmlSecTransformStatusWorking ) { + if( context->material == NULL ) { + rtv = xmlSecNssKeyTransportCtxInit( context, inBuf , outBuf , operation , transformCtx ) ; + if( rtv < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , + "xmlSecNssKeyTransportCtxInit" , + XMLSEC_ERRORS_R_INVALID_STATUS , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + } + + if( (context->material == NULL) && (last != 0) ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , + NULL , + XMLSEC_ERRORS_R_INVALID_STATUS , + "No enough data to intialize transform" ) ; + return(-1); + } + + if( context->material != NULL ) { + rtv = xmlSecNssKeyTransportCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ; + if( rtv < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , + "xmlSecNssKeyTransportCtxUpdate" , + XMLSEC_ERRORS_R_INVALID_STATUS , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + } + + if( last ) { + rtv = xmlSecNssKeyTransportCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ; + if( rtv < 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , + "xmlSecNssKeyTransportCtxFinal" , + XMLSEC_ERRORS_R_INVALID_STATUS , + XMLSEC_ERRORS_NO_MESSAGE ) ; + return(-1); + } + transform->status = xmlSecTransformStatusFinished ; + } + } else if( transform->status == xmlSecTransformStatusFinished ) { + if( xmlSecBufferGetSize( inBuf ) != 0 ) { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , + NULL , + XMLSEC_ERRORS_R_INVALID_STATUS , + "status=%d", transform->status ) ; + return(-1); + } + } else { + xmlSecError( XMLSEC_ERRORS_HERE , + xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , + NULL , + XMLSEC_ERRORS_R_INVALID_STATUS , + "status=%d", transform->status ) ; + return(-1); + } + + return(0); } #ifndef XMLSEC_NO_RSA + static xmlSecTransformKlass xmlSecNssRsaPkcs1Klass = { /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecNssKeyTransportSize, /* xmlSecSize objSize */ - - xmlSecNameRsaPkcs1, /* const xmlChar* name; */ - xmlSecHrefRsaPkcs1, /* const xmlChar* href; */ - xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ - - xmlSecNssKeyTransportInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecNssKeyTransportFinalize, /* xmlSecTransformFinalizeMethod finalize; */ - NULL, /* xmlSecTransformNodeReadMethod readNode; */ - NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecNssKeyTransportSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ - xmlSecNssKeyTransportSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - NULL, /* xmlSecTransformValidateMethod validate; */ - xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ - xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ - xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ - NULL, /* xmlSecTransformPushXmlMethod pushXml; */ - NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecNssKeyTransportExecute, /* xmlSecTransformExecuteMethod execute; */ - - NULL, /* void* reserved0; */ - NULL, /* void* reserved1; */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssKeyTransportSize, /* xmlSecSize objSize */ + + xmlSecNameRsaPkcs1, /* const xmlChar* name; */ + xmlSecHrefRsaPkcs1, /* const xmlChar* href; */ + xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ + + xmlSecNssKeyTransportInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecNssKeyTransportFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecNssKeyTransportSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ + xmlSecNssKeyTransportSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + NULL, /* xmlSecTransformValidateMethod validate; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecNssKeyTransportExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ }; -/** +/** * xmlSecNssTransformRsaPkcs1GetKlass: * * The RSA-PKCS1 key transport transform klass. * * Returns: RSA-PKCS1 key transport transform klass. */ -xmlSecTransformId +xmlSecTransformId xmlSecNssTransformRsaPkcs1GetKlass(void) { return(&xmlSecNssRsaPkcs1Klass); } -#endif /* XMLSEC_NO_RSA */ -/* aleksey, April 2010: NSS 3.12.6 has CKM_RSA_PKCS_OAEP algorithm but - it doesn't implement the SHA1 OAEP PKCS we need - https://bugzilla.mozilla.org/show_bug.cgi?id=158747 -*/ -#ifdef XMLSEC_NSS_RSA_OAEP_TODO -#ifndef XMLSEC_NO_RSA +/* RSA OAEP is not supported by NSS yet */ +#ifdef TODO + static xmlSecTransformKlass xmlSecNssRsaOaepKlass = { /* klass/object sizes */ - sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ - xmlSecNssKeyTransportSize, /* xmlSecSize objSize */ - - xmlSecNameRsaOaep, /* const xmlChar* name; */ - xmlSecHrefRsaOaep, /* const xmlChar* href; */ - xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ - - xmlSecNssKeyTransportInitialize, /* xmlSecTransformInitializeMethod initialize; */ - xmlSecNssKeyTransportFinalize, /* xmlSecTransformFinalizeMethod finalize; */ - NULL, /* xmlSecTransformNodeReadMethod readNode; */ - NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ - xmlSecNssKeyTransportSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ - xmlSecNssKeyTransportSetKey, /* xmlSecTransformSetKeyMethod setKey; */ - NULL, /* xmlSecTransformValidateMethod validate; */ - xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ - xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ - xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ - NULL, /* xmlSecTransformPushXmlMethod pushXml; */ - NULL, /* xmlSecTransformPopXmlMethod popXml; */ - xmlSecNssKeyTransportExecute, /* xmlSecTransformExecuteMethod execute; */ - - NULL, /* void* reserved0; */ - NULL, /* void* reserved1; */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssKeyTransportSize, /* xmlSecSize objSize */ + + xmlSecNameRsaOaep, /* const xmlChar* name; */ + xmlSecHrefRsaOaep, /* const xmlChar* href; */ + xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ + + xmlSecNssKeyTransportInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecNssKeyTransportFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecNssKeyTransportSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ + xmlSecNssKeyTransportSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + NULL, /* xmlSecTransformValidateMethod validate; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecNssKeyTransportExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ }; -/** +/** * xmlSecNssTransformRsaOaepGetKlass: * * The RSA-PKCS1 key transport transform klass. * * Returns: RSA-PKCS1 key transport transform klass. */ -xmlSecTransformId +xmlSecTransformId xmlSecNssTransformRsaOaepGetKlass(void) { return(&xmlSecNssRsaOaepKlass); } +#endif /* TODO: RSA OAEP is not supported by NSS yet */ + #endif /* XMLSEC_NO_RSA */ -#endif /* XMLSEC_NSS_RSA_OAEP_TODO */ -- cgit v1.2.3