summaryrefslogtreecommitdiff
path: root/include/xmlsec/xmldsig.h
blob: 21f629a462eb4a80d8259c96b7c70898606ca12a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
/**
 * XML Security Library (http://www.aleksey.com/xmlsec).
 *
 * "XML Digital Signature" implementation
 *  http://www.w3.org/TR/xmldsig-core/
 *  http://www.w3.org/Signature/Overview.html
 *
 * This is free software; see Copyright file in the source
 * distribution for preciese wording.
 *
 * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved.
 */
#ifndef __XMLSEC_XMLDSIG_H__
#define __XMLSEC_XMLDSIG_H__

#ifndef XMLSEC_NO_XMLDSIG

#ifdef __cplusplus
extern "C" {
#endif /* __cplusplus */

#include <libxml/tree.h>
#include <libxml/parser.h>


#include <xmlsec/xmlsec.h>
#include <xmlsec/list.h>
#include <xmlsec/buffer.h>
#include <xmlsec/keys.h>
#include <xmlsec/keysmngr.h>
#include <xmlsec/keyinfo.h>
#include <xmlsec/transforms.h>

typedef struct _xmlSecDSigReferenceCtx          xmlSecDSigReferenceCtx,
                                                *xmlSecDSigReferenceCtxPtr;

/**
 * xmlSecDSigStatus:
 * @xmlSecDSigStatusUnknown:    the status is unknown.
 * @xmlSecDSigStatusSucceeded:  the processing succeeded.
 * @xmlSecDSigStatusInvalid:    the processing failed.
 *
 * XML Digital signature processing status.
 */
typedef enum {
    xmlSecDSigStatusUnknown = 0,
    xmlSecDSigStatusSucceeded,
    xmlSecDSigStatusInvalid
} xmlSecDSigStatus;

/**************************************************************************
 *
 * xmlSecDSigCtx
 *
 *************************************************************************/

/**
 * XMLSEC_DSIG_FLAGS_IGNORE_MANIFESTS:
 *
 * If this flag is set then <dsig:Manifests/> nodes will not be processed.
 */
#define XMLSEC_DSIG_FLAGS_IGNORE_MANIFESTS                      0x00000001

/**
 * XMLSEC_DSIG_FLAGS_STORE_SIGNEDINFO_REFERENCES:
 *
 * If this flag is set then pre-digest buffer for <dsig:Reference/> child
 * of <dsig:KeyInfo/> element will be stored in #xmlSecDSigCtx.
 */
#define XMLSEC_DSIG_FLAGS_STORE_SIGNEDINFO_REFERENCES           0x00000002

/**
 * XMLSEC_DSIG_FLAGS_STORE_MANIFEST_REFERENCES:
 *
 * If this flag is set then pre-digest buffer for <dsig:Reference/> child
 * of <dsig:Manifest/> element will be stored in #xmlSecDSigCtx.
 */
#define XMLSEC_DSIG_FLAGS_STORE_MANIFEST_REFERENCES             0x00000004

/**
 * XMLSEC_DSIG_FLAGS_STORE_SIGNATURE:
 *
 * If this flag is set then pre-signature buffer for <dsig:SignedInfo/>
 * element processing will be stored in #xmlSecDSigCtx.
 */
#define XMLSEC_DSIG_FLAGS_STORE_SIGNATURE                       0x00000008

/**
 * XMLSEC_DSIG_FLAGS_USE_VISA3D_HACK:
 *
 * If this flag is set then URI ID references are resolved directly
 * without using XPointers. This allows one to sign/verify Visa3D
 * documents that don't follow XML, XPointer and XML DSig specifications.
 */
#define XMLSEC_DSIG_FLAGS_USE_VISA3D_HACK                       0x00000010

/** TIZEN CUSTUMIZED
 * XMLSEC_DSIG_FLAGS_IGNORE_REFERENCES:
 *
 * If this flag is set then <dsig:Reference/> nodes will not be processed.
 */
#define XMLSEC_DSIG_FLAGS_IGNORE_REFERENCES                     0x00000020

/** TIZEN CUSTUMIZED
 * XMLSEC_DSIG_FLAGS_CHECK_PROXY:
 *
 * If this flag is set then xmlSecProxyCtx will be processed.
 */
#define XMLSEC_DSIG_FLAGS_CHECK_PROXY                           0x00000040

/** TIZEN CUSTUMIZED
 * XMLSEC_DSIG_FLAGS_SKIP_PROXY:
 *
 * If this flag is set then xmlSecProxyCtx will not be processed.
 */
#define XMLSEC_DSIG_FLAGS_SKIP_PROXY                            0x00000080

/** TIZEN CUSTUMIZED
 * @cache:                      the cache include reference uri for supporting partial mode.
 *                              cache represented uri will be check on processing references.
 * @next:                       the pointer to indicate linked node (xmlSecProxyCtx).
 */
struct _xmlSecProxyCtx {
    xmlChar*                    cache;
    struct _xmlSecProxyCtx*     next;
};

typedef struct _xmlSecProxyCtx                  xmlSecProxyCtx,
                                                *xmlSecProxyCtxPtr;

/**
 * xmlSecDSigCtx:
 * @userData:                   the pointer to user data (xmlsec and xmlsec-crypto libraries
 *                              never touches this).
 * @flags:                      the XML Digital Signature processing flags.
 * @flags2:                     the XML Digital Signature processing flags.
 * @keyInfoReadCtx:             the reading key context.
 * @keyInfoWriteCtx:            the writing key context (not used for signature verification).
 * @transformCtx:               the <dsig:SignedInfo/> node processing context.
 * @enabledReferenceUris:       the URI types allowed for <dsig:Reference/> node.
 * @enabledReferenceTransforms: the list of transforms allowed in <dsig:Reference/> node.
 * @referencePreExecuteCallback:the callback for <dsig:Reference/> node processing.
 * @defSignMethodId:            the default signing method klass.
 * @defC14NMethodId:            the default c14n method klass.
 * @defDigestMethodId:          the default digest method klass.
 * @signKey:                    the signature key; application may set #signKey
 *                              before calling #xmlSecDSigCtxSign or #xmlSecDSigCtxVerify
 *                              functions.
 * @operation:                  the operation: sign or verify.
 * @result:                     the pointer to signature (not valid for signature verification).
 * @status:                     the <dsig:Signatuire/> processing status.
 * @signMethod:                 the pointer to signature transform.
 * @c14nMethod:                 the pointer to c14n transform.
 * @preSignMemBufMethod:        the pointer to binary buffer right before signature
 *                              (valid only if #XMLSEC_DSIG_FLAGS_STORE_SIGNATURE flag is set).
 * @signValueNode:              the pointer to <dsig:SignatureValue/> node.
 * @id:                         the pointer to Id attribute of <dsig:Signature/> node.
 * @signedInfoReferences:       the list of references in <dsig:SignedInfo/> node.
 * @manifestReferences:         the list of references in <dsig:Manifest/> nodes.
 * @reserved0:                  reserved for the future.
 * @reserved1:                  reserved for the future.
 *
 * XML DSig processing context.
 */
struct _xmlSecDSigCtx {
    /* these data user can set before performing the operation */
    void*                       userData;
    unsigned int                flags;
    unsigned int                flags2;
    xmlSecKeyInfoCtx            keyInfoReadCtx;
    xmlSecKeyInfoCtx            keyInfoWriteCtx;
    xmlSecTransformCtx          transformCtx;
    xmlSecTransformUriType      enabledReferenceUris;
    xmlSecPtrListPtr            enabledReferenceTransforms;
    xmlSecTransformCtxPreExecuteCallback referencePreExecuteCallback;
    xmlSecTransformId           defSignMethodId;
    xmlSecTransformId           defC14NMethodId;
    xmlSecTransformId           defDigestMethodId;

    /* TIZEN CUTUMIZED: these data user can set before performing the operation */
    xmlSecProxyCtxPtr           proxyCtxPtr;

    /* these data are returned */
    xmlSecKeyPtr                signKey;
    xmlSecTransformOperation    operation;
    xmlSecBufferPtr             result;
    xmlSecDSigStatus            status;
    xmlSecTransformPtr          signMethod;
    xmlSecTransformPtr          c14nMethod;
    xmlSecTransformPtr          preSignMemBufMethod;
    xmlNodePtr                  signValueNode;
    xmlChar*                    id;
    xmlSecPtrList               signedInfoReferences;
    xmlSecPtrList               manifestReferences;

    /* reserved for future */
    void*                       reserved0;
    void*                       reserved1;
};

/* constructor/destructor */
XMLSEC_EXPORT xmlSecDSigCtxPtr  xmlSecDSigCtxCreate             (xmlSecKeysMngrPtr keysMngr);
XMLSEC_EXPORT void              xmlSecDSigCtxDestroy            (xmlSecDSigCtxPtr dsigCtx);
XMLSEC_EXPORT int               xmlSecDSigCtxInitialize         (xmlSecDSigCtxPtr dsigCtx,
                                                                 xmlSecKeysMngrPtr keysMngr);
XMLSEC_EXPORT void              xmlSecDSigCtxFinalize           (xmlSecDSigCtxPtr dsigCtx);
XMLSEC_EXPORT int               xmlSecDSigCtxSign               (xmlSecDSigCtxPtr dsigCtx,
                                                                 xmlNodePtr tmpl);
XMLSEC_EXPORT int               xmlSecDSigCtxVerify             (xmlSecDSigCtxPtr dsigCtx,
                                                                 xmlNodePtr node);
XMLSEC_EXPORT int               xmlSecDSigCtxEnableReferenceTransform(xmlSecDSigCtxPtr dsigCtx,
                                                                xmlSecTransformId transformId);
XMLSEC_EXPORT int               xmlSecDSigCtxEnableSignatureTransform(xmlSecDSigCtxPtr dsigCtx,
                                                                xmlSecTransformId transformId);
XMLSEC_EXPORT xmlSecBufferPtr   xmlSecDSigCtxGetPreSignBuffer   (xmlSecDSigCtxPtr dsigCtx);
XMLSEC_EXPORT void              xmlSecDSigCtxDebugDump          (xmlSecDSigCtxPtr dsigCtx,
                                                                 FILE* output);
XMLSEC_EXPORT void              xmlSecDSigCtxDebugXmlDump       (xmlSecDSigCtxPtr dsigCtx,
                                                                 FILE* output);

/* TIZEN CUSTUMIZED: xmlSecProxyCtx operator */
XMLSEC_EXPORT int               xmlSecProxyCtxAdd               (xmlSecProxyCtxPtr* proxyCtxPtrPtr,
                                                                 const xmlChar* uri);
XMLSEC_EXPORT void              xmlSecProxyCtxDestroy           (xmlSecProxyCtxPtr proxyCtxPtr);

/**************************************************************************
 *
 * xmlSecDSigReferenceCtx
 *
 *************************************************************************/
/**
 * xmlSecDSigReferenceOrigin:
 * @xmlSecDSigReferenceOriginSignedInfo:reference in <dsig:SignedInfo> node.
 * @xmlSecDSigReferenceOriginManifest:  reference <dsig:Manifest> node.
 *
 * The possible <dsig:Reference/> node locations: in the <dsig:SignedInfo/>
 * node or in the <dsig:Manifest/> node.
 */
typedef enum  {
    xmlSecDSigReferenceOriginSignedInfo,
    xmlSecDSigReferenceOriginManifest
} xmlSecDSigReferenceOrigin;

/**
 * xmlSecDSigReferenceCtx:
 * @userData:                   the pointer to user data (xmlsec and xmlsec-crypto libraries
 *                              never touches this).
 * @dsigCtx:                    the pointer to "parent" <dsig:Signature/> processing context.
 * @origin:                     the signature origin (<dsig:SignedInfo/> or <dsig:Manifest/>).
 * @transformCtx:               the reference processing transforms context.
 * @digestMethod:               the pointer to digest transform.
 * @result:                     the pointer to digest result.
 * @status:                     the reference processing status.
 * @preDigestMemBufMethod:      the pointer to binary buffer right before digest
 *                              (valid only if either
 *                              #XMLSEC_DSIG_FLAGS_STORE_SIGNEDINFO_REFERENCES or
 *                              #XMLSEC_DSIG_FLAGS_STORE_MANIFEST_REFERENCES flags are set).
 * @id:                         the <dsig:Reference/> node ID attribute.
 * @uri:                        the <dsig:Reference/> node URI attribute.
 * @type:                       the <dsig:Reference/> node Type attribute.
 * @reserved0:                  reserved for the future.
 * @reserved1:                  reserved for the future.
 *
 * The <dsig:Reference/> processing context.
 */
struct _xmlSecDSigReferenceCtx {
    void*                       userData;
    xmlSecDSigCtxPtr            dsigCtx;
    xmlSecDSigReferenceOrigin   origin;
    xmlSecTransformCtx          transformCtx;
    xmlSecTransformPtr          digestMethod;

    xmlSecBufferPtr             result;
    xmlSecDSigStatus            status;
    xmlSecTransformPtr          preDigestMemBufMethod;
    xmlChar*                    id;
    xmlChar*                    uri;
    xmlChar*                    type;

     /* reserved for future */
    void*                       reserved0;
    void*                       reserved1;
};

XMLSEC_EXPORT xmlSecDSigReferenceCtxPtr xmlSecDSigReferenceCtxCreate(xmlSecDSigCtxPtr dsigCtx,
                                                                xmlSecDSigReferenceOrigin origin);
XMLSEC_EXPORT void              xmlSecDSigReferenceCtxDestroy   (xmlSecDSigReferenceCtxPtr dsigRefCtx);
XMLSEC_EXPORT int               xmlSecDSigReferenceCtxInitialize(xmlSecDSigReferenceCtxPtr dsigRefCtx,
                                                                xmlSecDSigCtxPtr dsigCtx,
                                                                xmlSecDSigReferenceOrigin origin);
XMLSEC_EXPORT void              xmlSecDSigReferenceCtxFinalize  (xmlSecDSigReferenceCtxPtr dsigRefCtx);
XMLSEC_EXPORT int               xmlSecDSigReferenceCtxProcessNode(xmlSecDSigReferenceCtxPtr dsigRefCtx,
                                                                  xmlNodePtr node);
XMLSEC_EXPORT xmlSecBufferPtr   xmlSecDSigReferenceCtxGetPreDigestBuffer
                                                                (xmlSecDSigReferenceCtxPtr dsigRefCtx);
XMLSEC_EXPORT void              xmlSecDSigReferenceCtxDebugDump (xmlSecDSigReferenceCtxPtr dsigRefCtx,
                                                                 FILE* output);
XMLSEC_EXPORT void              xmlSecDSigReferenceCtxDebugXmlDump(xmlSecDSigReferenceCtxPtr dsigRefCtx,
                                                                 FILE* output);

/**************************************************************************
 *
 * xmlSecDSigReferenceCtxListKlass
 *
 *************************************************************************/
/**
 * xmlSecDSigReferenceCtxListId:
 *
 * The references list klass.
 */
#define xmlSecDSigReferenceCtxListId \
        xmlSecDSigReferenceCtxListGetKlass()
XMLSEC_EXPORT xmlSecPtrListId   xmlSecDSigReferenceCtxListGetKlass(void);

#ifdef __cplusplus
}
#endif /* __cplusplus */

#endif /* XMLSEC_NO_XMLDSIG */

#endif /* __XMLSEC_XMLDSIG_H__ */