summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMiklos Vajna <vmiklos@collabora.co.uk>2018-06-25 08:02:09 +0200
committerMiklos Vajna <vmiklos@collabora.co.uk>2018-06-25 08:59:17 +0200
commit71d02f5b6ca78935df3d09ec0a5817f5870b056e (patch)
tree9282edc3b122d86e0c82500997acea4d119d60d8
parent364c828e6ea9e78a145a4ec32a677c7539a913a9 (diff)
xmlsecurity windows: implement ODF sign/verify with ECDSA keys
By making it possible to use libxmlsec's mscng backend instead of the old mscrypto one which lacks ECDSA support. make -sr CppunitTest_xmlsecurity_signing SVL_CRYPTO_CNG=1 CPPUNIT_TEST_NAME="SigningTest::testECDSA" passes with these changes, while it failed in the SVL_CRYPTO_CNG=1 case previously. Change-Id: Ic23e5af11d271ed84175abe3d5ad008c7cc9e071 Reviewed-on: https://gerrit.libreoffice.org/56370 Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk> Tested-by: Jenkins
-rw-r--r--xmlsecurity/Library_xsec_xmlsec.mk1
-rw-r--r--xmlsecurity/inc/xmlsec-wrapper.h3
-rw-r--r--xmlsecurity/source/xmlsec/mscrypt/akmngr.cxx146
-rw-r--r--xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx8
-rw-r--r--xmlsecurity/source/xmlsec/mscrypt/seinitializer_mscryptimpl.cxx22
-rw-r--r--xmlsecurity/source/xmlsec/xmlsec_init.cxx48
6 files changed, 184 insertions, 44 deletions
diff --git a/xmlsecurity/Library_xsec_xmlsec.mk b/xmlsecurity/Library_xsec_xmlsec.mk
index 445d48e72a32..0c711885fc27 100644
--- a/xmlsecurity/Library_xsec_xmlsec.mk
+++ b/xmlsecurity/Library_xsec_xmlsec.mk
@@ -92,6 +92,7 @@ $(eval $(call gb_Library_add_defs,xsec_xmlsec,\
$(eval $(call gb_Library_add_libs,xsec_xmlsec,\
$(call gb_UnpackedTarball_get_dir,xmlsec)/win32/binaries/libxmlsec-mscrypto.lib \
+ $(call gb_UnpackedTarball_get_dir,xmlsec)/win32/binaries/libxmlsec-mscng.lib \
$(call gb_UnpackedTarball_get_dir,xmlsec)/win32/binaries/libxmlsec.lib \
))
diff --git a/xmlsecurity/inc/xmlsec-wrapper.h b/xmlsecurity/inc/xmlsec-wrapper.h
index c6edfba935e0..0633bd3c1585 100644
--- a/xmlsecurity/inc/xmlsec-wrapper.h
+++ b/xmlsecurity/inc/xmlsec-wrapper.h
@@ -31,7 +31,6 @@
#include <xmlsec/base64.h>
#include <xmlsec/bn.h>
-#include <xmlsec/crypto.h>
#include <xmlsec/errors.h>
#include <xmlsec/io.h>
#include <xmlsec/keysmngr.h>
@@ -41,6 +40,8 @@
#include <xmlsec/xmlsec.h>
#include <xmlsec/xmltree.h>
#ifdef XMLSEC_CRYPTO_NSS
+#include <xmlsec/nss/app.h>
+#include <xmlsec/nss/crypto.h>
#include <xmlsec/nss/pkikeys.h>
#endif
diff --git a/xmlsecurity/source/xmlsec/mscrypt/akmngr.cxx b/xmlsecurity/source/xmlsec/mscrypt/akmngr.cxx
index 778cb93e3f38..8918e1d80b24 100644
--- a/xmlsecurity/source/xmlsec/mscrypt/akmngr.cxx
+++ b/xmlsecurity/source/xmlsec/mscrypt/akmngr.cxx
@@ -27,6 +27,10 @@
#include <xmlsec/mscrypto/crypto.h>
#include <xmlsec/mscrypto/keysstore.h>
#include <xmlsec/mscrypto/x509.h>
+#include <xmlsec/mscng/crypto.h>
+#include <xmlsec/mscng/keysstore.h>
+#include <xmlsec/mscng/x509.h>
+#include <svl/cryptosign.hxx>
namespace xmlsecurity
{
@@ -43,7 +47,10 @@ xmlSecKeysMngrPtr MSCryptoAppliedKeysMngrCreate()
xmlSecKeysMngrPtr keyMngr = nullptr ;
xmlSecKeyStorePtr keyStore = nullptr ;
- keyStore = xmlSecKeyStoreCreate(xmlSecMSCryptoKeysStoreId) ;
+ if (!svl::crypto::isMSCng())
+ keyStore = xmlSecKeyStoreCreate(xmlSecMSCryptoKeysStoreId) ;
+ else
+ keyStore = xmlSecKeyStoreCreate(xmlSecMSCngKeysStoreId);
if (keyStore == nullptr)
{
xmlSecError(XMLSEC_ERRORS_HERE,
@@ -95,16 +102,33 @@ xmlSecKeysMngrPtr MSCryptoAppliedKeysMngrCreate()
/*-
* Initialize crypto library specific data in keys manager
*/
- if (xmlSecMSCryptoKeysMngrInit(keyMngr) < 0)
+ if (!svl::crypto::isMSCng())
{
- xmlSecError(XMLSEC_ERRORS_HERE,
- nullptr,
- "xmlSecMSCryptoKeysMngrInit",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE) ;
-
- xmlSecKeysMngrDestroy(keyMngr) ;
- return nullptr ;
+ if (xmlSecMSCryptoKeysMngrInit(keyMngr) < 0)
+ {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ nullptr,
+ "xmlSecMSCryptoKeysMngrInit",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE) ;
+
+ xmlSecKeysMngrDestroy(keyMngr) ;
+ return nullptr ;
+ }
+ }
+ else
+ {
+ if (xmlSecMSCngKeysMngrInit(keyMngr) < 0)
+ {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ nullptr,
+ "xmlSecMSCngKeysMngrInit",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+
+ xmlSecKeysMngrDestroy(keyMngr);
+ return nullptr;
+ }
}
/*-
@@ -133,7 +157,10 @@ MSCryptoAppliedKeysMngrAdoptKeyStore(
xmlSecAssert2(mngr != nullptr, -1) ;
xmlSecAssert2(keyStore != nullptr, -1) ;
- x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecMSCryptoX509StoreId) ;
+ if (!svl::crypto::isMSCng())
+ x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecMSCryptoX509StoreId) ;
+ else
+ x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecMSCngX509StoreId);
if (x509Store == nullptr)
{
xmlSecError(XMLSEC_ERRORS_HERE,
@@ -144,14 +171,29 @@ MSCryptoAppliedKeysMngrAdoptKeyStore(
return -1 ;
}
- if (xmlSecMSCryptoX509StoreAdoptKeyStore(x509Store, keyStore) < 0)
+ if (!svl::crypto::isMSCng())
{
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(x509Store)),
- "xmlSecMSCryptoX509StoreAdoptKeyStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE) ;
- return -1 ;
+ if (xmlSecMSCryptoX509StoreAdoptKeyStore(x509Store, keyStore) < 0)
+ {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(x509Store)),
+ "xmlSecMSCryptoX509StoreAdoptKeyStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE) ;
+ return -1 ;
+ }
+ }
+ else
+ {
+ if (xmlSecMSCngX509StoreAdoptKeyStore(x509Store, keyStore) < 0)
+ {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(x509Store)),
+ "xmlSecMSCngX509StoreAdoptKeyStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return -1;
+ }
}
return 0 ;
@@ -168,7 +210,10 @@ MSCryptoAppliedKeysMngrAdoptTrustedStore(
xmlSecAssert2(mngr != nullptr, -1) ;
xmlSecAssert2(trustedStore != nullptr, -1) ;
- x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecMSCryptoX509StoreId) ;
+ if (!svl::crypto::isMSCng())
+ x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecMSCryptoX509StoreId) ;
+ else
+ x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecMSCngX509StoreId);
if (x509Store == nullptr)
{
xmlSecError(XMLSEC_ERRORS_HERE,
@@ -179,14 +224,29 @@ MSCryptoAppliedKeysMngrAdoptTrustedStore(
return -1 ;
}
- if (xmlSecMSCryptoX509StoreAdoptTrustedStore(x509Store, trustedStore) < 0)
+ if (!svl::crypto::isMSCng())
{
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(x509Store)),
- "xmlSecMSCryptoX509StoreAdoptKeyStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE) ;
- return -1 ;
+ if (xmlSecMSCryptoX509StoreAdoptTrustedStore(x509Store, trustedStore) < 0)
+ {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(x509Store)),
+ "xmlSecMSCryptoX509StoreAdoptKeyStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE) ;
+ return -1 ;
+ }
+ }
+ else
+ {
+ if (xmlSecMSCngX509StoreAdoptTrustedStore(x509Store, trustedStore) < 0)
+ {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(x509Store)),
+ "xmlSecMSCngX509StoreAdoptKeyStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return -1;
+ }
}
return 0 ;
@@ -203,7 +263,10 @@ MSCryptoAppliedKeysMngrAdoptUntrustedStore(
xmlSecAssert2(mngr != nullptr, -1) ;
xmlSecAssert2(untrustedStore != nullptr, -1) ;
- x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecMSCryptoX509StoreId) ;
+ if (!svl::crypto::isMSCng())
+ x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecMSCryptoX509StoreId) ;
+ else
+ x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecMSCngX509StoreId);
if (x509Store == nullptr)
{
xmlSecError(XMLSEC_ERRORS_HERE,
@@ -214,14 +277,29 @@ MSCryptoAppliedKeysMngrAdoptUntrustedStore(
return -1 ;
}
- if (xmlSecMSCryptoX509StoreAdoptUntrustedStore(x509Store, untrustedStore) < 0)
+ if (!svl::crypto::isMSCng())
{
- xmlSecError(XMLSEC_ERRORS_HERE,
- xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(x509Store)),
- "xmlSecMSCryptoX509StoreAdoptKeyStore",
- XMLSEC_ERRORS_R_XMLSEC_FAILED,
- XMLSEC_ERRORS_NO_MESSAGE) ;
- return -1 ;
+ if (xmlSecMSCryptoX509StoreAdoptUntrustedStore(x509Store, untrustedStore) < 0)
+ {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(x509Store)),
+ "xmlSecMSCryptoX509StoreAdoptKeyStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE) ;
+ return -1 ;
+ }
+ }
+ else
+ {
+ if (xmlSecMSCngX509StoreAdoptUntrustedStore(x509Store, untrustedStore) < 0)
+ {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(x509Store)),
+ "xmlSecMSCngX509StoreAdoptKeyStore",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return -1;
+ }
}
return 0 ;
diff --git a/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx b/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx
index 4f1b7e81221f..9e2ccf928a08 100644
--- a/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx
+++ b/xmlsecurity/source/xmlsec/mscrypt/securityenvironment_mscryptimpl.cxx
@@ -1056,6 +1056,8 @@ xmlSecKeysMngrPtr SecurityEnvironment_MSCryptImpl::createKeysManager() {
m_hMySystemStore = nullptr;
throw uno::RuntimeException() ;
}
+ if (svl::crypto::isMSCng())
+ m_hMySystemStore = nullptr;
}
//Add system root store into the keys manager.
@@ -1066,6 +1068,8 @@ xmlSecKeysMngrPtr SecurityEnvironment_MSCryptImpl::createKeysManager() {
m_hRootSystemStore = nullptr;
throw uno::RuntimeException() ;
}
+ if (svl::crypto::isMSCng())
+ m_hRootSystemStore = nullptr;
}
//Add system trusted store into the keys manager.
@@ -1076,6 +1080,8 @@ xmlSecKeysMngrPtr SecurityEnvironment_MSCryptImpl::createKeysManager() {
m_hTrustSystemStore = nullptr;
throw uno::RuntimeException() ;
}
+ if (svl::crypto::isMSCng())
+ m_hTrustSystemStore = nullptr;
}
//Add system CA store into the keys manager.
@@ -1086,6 +1092,8 @@ xmlSecKeysMngrPtr SecurityEnvironment_MSCryptImpl::createKeysManager() {
m_hCaSystemStore = nullptr;
throw uno::RuntimeException() ;
}
+ if (svl::crypto::isMSCng())
+ m_hCaSystemStore = nullptr;
}
}
diff --git a/xmlsecurity/source/xmlsec/mscrypt/seinitializer_mscryptimpl.cxx b/xmlsecurity/source/xmlsec/mscrypt/seinitializer_mscryptimpl.cxx
index c31041cedc03..f2df751addfb 100644
--- a/xmlsecurity/source/xmlsec/mscrypt/seinitializer_mscryptimpl.cxx
+++ b/xmlsecurity/source/xmlsec/mscrypt/seinitializer_mscryptimpl.cxx
@@ -24,10 +24,12 @@
#include <xmlsec-wrapper.h>
#include <xmlsec/mscrypto/app.h>
+#include <xmlsec/mscng/app.h>
#include <com/sun/star/xml/crypto/SecurityEnvironment.hpp>
#include <com/sun/star/xml/crypto/XMLSecurityContext.hpp>
#include <cppuhelper/supportsservice.hxx>
#include <o3tl/char16_t2wchar_t.hxx>
+#include <svl/cryptosign.hxx>
using namespace com::sun::star;
namespace cssl = com::sun::star::lang;
@@ -69,7 +71,10 @@ uno::Reference< cssxc::XXMLSecurityContext > SAL_CALL
n_hStoreHandle = nullptr ;
}
- xmlSecMSCryptoAppInit( n_pCertStore ) ;
+ if (!svl::crypto::isMSCng())
+ xmlSecMSCryptoAppInit( n_pCertStore ) ;
+ else
+ xmlSecMSCngAppInit(n_pCertStore);
try {
/* Build Security Environment */
@@ -85,7 +90,10 @@ uno::Reference< cssxc::XXMLSecurityContext > SAL_CALL
CertCloseStore( n_hStoreHandle, CERT_CLOSE_STORE_FORCE_FLAG ) ;
}
- xmlSecMSCryptoAppShutdown() ;
+ if (!svl::crypto::isMSCng())
+ xmlSecMSCryptoAppShutdown() ;
+ else
+ xmlSecMSCngAppShutdown();
return nullptr;
}
@@ -112,7 +120,10 @@ uno::Reference< cssxc::XXMLSecurityContext > SAL_CALL
CertCloseStore( n_hStoreHandle, CERT_CLOSE_STORE_FORCE_FLAG ) ;
}
- xmlSecMSCryptoAppShutdown() ;
+ if (!svl::crypto::isMSCng())
+ xmlSecMSCryptoAppShutdown() ;
+ else
+ xmlSecMSCngAppShutdown();
return nullptr;
}
}
@@ -143,7 +154,10 @@ void SAL_CALL SEInitializer_MSCryptImpl::freeSecurityContext( const uno::Referen
}
*/
- xmlSecMSCryptoAppShutdown() ;
+ if (!svl::crypto::isMSCng())
+ xmlSecMSCryptoAppShutdown() ;
+ else
+ xmlSecMSCngAppShutdown();
}
/* XServiceInfo */
diff --git a/xmlsecurity/source/xmlsec/xmlsec_init.cxx b/xmlsecurity/source/xmlsec/xmlsec_init.cxx
index 181fcac98a1b..552c1d481695 100644
--- a/xmlsecurity/source/xmlsec/xmlsec_init.cxx
+++ b/xmlsecurity/source/xmlsec/xmlsec_init.cxx
@@ -13,6 +13,13 @@
#include <xmlsec/xmlstreamio.hxx>
#include <xmlsec-wrapper.h>
+#include <svl/cryptosign.hxx>
+#ifdef XMLSEC_CRYPTO_MSCRYPTO
+#include <xmlsec/mscrypto/crypto.h>
+#include <xmlsec/mscng/crypto.h>
+#else
+#include <xmlsec/nss/crypto.h>
+#endif
using namespace css::uno;
@@ -24,14 +31,38 @@ XSECXMLSEC_DLLPUBLIC void initXmlSec()
}
//Init xmlsec crypto engine library
- if( xmlSecCryptoInit() < 0 ) {
- xmlSecShutdown() ;
- throw RuntimeException() ;
+#ifdef XMLSEC_CRYPTO_MSCRYPTO
+ if (!svl::crypto::isMSCng())
+ {
+ if( xmlSecMSCryptoInit() < 0 ) {
+ xmlSecShutdown() ;
+ throw RuntimeException() ;
+ }
+ }
+ else
+ {
+ if( xmlSecMSCngInit() < 0 ) {
+ xmlSecShutdown();
+ throw RuntimeException();
+ }
+ }
+#else
+ if( xmlSecNssInit() < 0 ) {
+ xmlSecShutdown();
+ throw RuntimeException();
}
+#endif
//Enable external stream handlers
if( xmlEnableStreamInputCallbacks() < 0 ) {
- xmlSecCryptoShutdown() ;
+#ifdef XMLSEC_CRYPTO_MSCRYPTO
+ if (!svl::crypto::isMSCng())
+ xmlSecMSCryptoShutdown();
+ else
+ xmlSecMSCngShutdown();
+#else
+ xmlSecNssShutdown();
+#endif
xmlSecShutdown() ;
throw RuntimeException() ;
}
@@ -40,7 +71,14 @@ XSECXMLSEC_DLLPUBLIC void initXmlSec()
XSECXMLSEC_DLLPUBLIC void deInitXmlSec()
{
xmlDisableStreamInputCallbacks();
- xmlSecCryptoShutdown();
+#ifdef XMLSEC_CRYPTO_MSCRYPTO
+ if (!svl::crypto::isMSCng())
+ xmlSecMSCryptoShutdown();
+ else
+ xmlSecMSCngShutdown();
+#else
+ xmlSecNssShutdown();
+#endif
xmlSecShutdown();
}