authorMiklos Vajna <vmiklos@collabora.co.uk>2016-03-22 20:52:15 +0100
committerMiklos Vajna <vmiklos@collabora.co.uk>2016-07-08 09:51:30 +0200
commit4fb9e493d76dd35a6409e9babc3314c33ba2b601 (patch)
tree1e2747b0577ae4315006946a50613f651a058eb8 /external
parent0fe3800647174ab56c99acab0c892d3f4b1aa7d2 (diff)
xmlsec: clean up the nss keywrapper part of xmlsec1-customkeymanage.patch.1
All of this is already provided by src/nss/kw_*.c. If I build xmlsec as a shared lib, I even get linker errors due to duplicated symbols. For some reason that does not show up in our situation where we build nss as a static lib and link to it in xmlsecurity. Change-Id: If6e00bf3a818a0146c9c30c51174d8e0acab43a9 Reviewed-on: https://gerrit.libreoffice.org/23443 Tested-by: Jenkins <ci@libreoffice.org> Reviewed-by: Miklos Vajna <vmiklos@collabora.co.uk> (cherry picked from commit 5de18e6a1fe643f1cf15b8456587208ecb11e1c5)
Diffstat (limited to 'external')
-rw-r--r--external/libxmlsec/xmlsec1-customkeymanage.patch.11292
1 files changed, 31 insertions, 1261 deletions
diff --git a/external/libxmlsec/xmlsec1-customkeymanage.patch.1 b/external/libxmlsec/xmlsec1-customkeymanage.patch.1
index 82e6b4366d1a..30ecfe0b5f4d 100644
--- a/external/libxmlsec/xmlsec1-customkeymanage.patch.1
+++ b/external/libxmlsec/xmlsec1-customkeymanage.patch.1
@@ -13,37 +13,35 @@ Conflicts:
src/nss/x509.c
src/nss/x509vfy.c
---
- include/xmlsec/mscrypto/Makefile.am | 1 +
- include/xmlsec/mscrypto/Makefile.in | 1 +
- include/xmlsec/mscrypto/akmngr.h | 71 ++
- include/xmlsec/nss/Makefile.am | 3 +
- include/xmlsec/nss/Makefile.in | 3 +
- include/xmlsec/nss/akmngr.h | 56 ++
- include/xmlsec/nss/app.h | 5 +
- include/xmlsec/nss/ciphers.h | 35 +
- include/xmlsec/nss/keysstore.h | 4 +
- include/xmlsec/nss/tokens.h | 182 ++++++
- src/mscrypto/akmngr.c | 236 +++++++
- src/nss/Makefile.am | 3 +
- src/nss/Makefile.in | 30 +-
- src/nss/akmngr.c | 384 +++++++++++
- src/nss/hmac.c | 8 +-
- src/nss/keysstore.c | 826 ++++++++++++++++--------
- src/nss/keywrapers.c | 1213 +++++++++++++++++++++++++++++++++++
- src/nss/pkikeys.c | 51 +-
- src/nss/symkeys.c | 705 +++++++++++++++++++-
- src/nss/tokens.c | 548 ++++++++++++++++
- src/nss/x509.c | 565 ++++------------
- src/nss/x509vfy.c | 292 +++------
- win32/Makefile.msvc | 4 +
- 23 files changed, 4256 insertions(+), 970 deletions(-)
+ include/xmlsec/mscrypto/Makefile.am | 1 +
+ include/xmlsec/mscrypto/Makefile.in | 1 +
+ include/xmlsec/mscrypto/akmngr.h | 71 ++++
+ include/xmlsec/nss/Makefile.am | 3 +
+ include/xmlsec/nss/Makefile.in | 3 +
+ include/xmlsec/nss/akmngr.h | 56 +++
+ include/xmlsec/nss/app.h | 5 +
+ include/xmlsec/nss/ciphers.h | 35 ++
+ include/xmlsec/nss/keysstore.h | 4 +
+ include/xmlsec/nss/tokens.h | 182 ++++++++
+ src/mscrypto/akmngr.c | 236 +++++++++++
+ src/nss/Makefile.am | 2 +
+ src/nss/Makefile.in | 22 +-
+ src/nss/akmngr.c | 384 +++++++++++++++++
+ src/nss/hmac.c | 8 +-
+ src/nss/keysstore.c | 826 +++++++++++++++++++++++++-----------
+ src/nss/pkikeys.c | 51 ++-
+ src/nss/symkeys.c | 705 ++++++++++++++++++++++++++++--
+ src/nss/tokens.c | 548 ++++++++++++++++++++++++
+ src/nss/x509.c | 565 +++++-------------------
+ src/nss/x509vfy.c | 292 ++++---------
+ win32/Makefile.msvc | 4 +
+ 22 files changed, 3034 insertions(+), 970 deletions(-)
create mode 100644 include/xmlsec/mscrypto/akmngr.h
create mode 100644 include/xmlsec/nss/akmngr.h
create mode 100644 include/xmlsec/nss/ciphers.h
create mode 100644 include/xmlsec/nss/tokens.h
create mode 100644 src/mscrypto/akmngr.c
create mode 100644 src/nss/akmngr.c
- create mode 100644 src/nss/keywrapers.c
create mode 100644 src/nss/tokens.c
diff --git a/include/xmlsec/mscrypto/Makefile.am b/include/xmlsec/mscrypto/Makefile.am
@@ -754,21 +752,20 @@ index 0000000..3bbd124
+}
+
diff --git a/src/nss/Makefile.am b/src/nss/Makefile.am
-index 8cd8586..48a6bf9 100644
+index 8cd8586..a14199e 100644
--- a/src/nss/Makefile.am
+++ b/src/nss/Makefile.am
-@@ -35,6 +35,9 @@ libxmlsec1_nss_la_SOURCES =\
+@@ -35,6 +35,8 @@ libxmlsec1_nss_la_SOURCES =\
kw_des.c \
kw_aes.c \
globals.h \
+ akmngr.c \
-+ keywrapers.c \
+ tokens.c \
$(NULL)
if SHAREDLIB_HACK
diff --git a/src/nss/Makefile.in b/src/nss/Makefile.in
-index 0003297..3b53588 100644
+index 0003297..8179e59 100644
--- a/src/nss/Makefile.in
+++ b/src/nss/Makefile.in
@@ -72,7 +72,8 @@ am__DEPENDENCIES_1 =
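Review bot: With `keywrapers.c` gone from `libxmlsec1_nss_la_SOURCES` in this hunk, the key-wrap transforms come only from `kw_des.c` and `kw_aes.c`, and the change carries no test showing that keys wrapped by earlier builds still unwrap. The deleted file mapped all three KWAes ids to `CKM_AES_CBC` with the IV item zeroed, which may differ from what upstream `kw_aes.c` does (that file is not visible here), and with both definitions present in a static link it is unclear which one was in effect before. A round-trip check for kw-aes128/192/256 and kw-tripledes against a document encrypted before this change would settle it. If the output is known to be identical, a line in the patch header such as `keywrapers.c dropped: transforms provided by upstream src/nss/kw_aes.c and kw_des.c, wire format unchanged` would record that.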
@@ -777,7 +774,7 @@ index 0003297..3b53588 100644
x509vfy.c keysstore.c keytrans.c kw_des.c kw_aes.c globals.h \
- ../strings.c
+ ../strings.c \
-+ akmngr.c keywrapers.c tokens.c
++ akmngr.c tokens.c
am__objects_1 =
@SHAREDLIB_HACK_TRUE@am__objects_2 = libxmlsec1_nss_la-strings.lo
am_libxmlsec1_nss_la_OBJECTS = libxmlsec1_nss_la-app.lo \
@@ -785,7 +782,7 @@ index 0003297..3b53588 100644
libxmlsec1_nss_la-x509.lo libxmlsec1_nss_la-x509vfy.lo \
libxmlsec1_nss_la-keysstore.lo libxmlsec1_nss_la-keytrans.lo \
libxmlsec1_nss_la-kw_des.lo libxmlsec1_nss_la-kw_aes.lo \
-+ libxmlsec1_nss_la-akmngr.lo libxmlsec1_nss_la-keywrapers.lo \
++ libxmlsec1_nss_la-akmngr.lo \
+ libxmlsec1_nss_la-tokens.lo \
$(am__objects_1) $(am__objects_2)
libxmlsec1_nss_la_OBJECTS = $(am_libxmlsec1_nss_la_OBJECTS)
@@ -794,21 +791,20 @@ index 0003297..3b53588 100644
libxmlsec1_nss_la_SOURCES = app.c bignum.c ciphers.c crypto.c \
digests.c hmac.c pkikeys.c signatures.c symkeys.c x509.c \
x509vfy.c keysstore.c keytrans.c kw_des.c kw_aes.c globals.h \
-+ akmngr.c keywrapers.c tokens.c \
++ akmngr.c tokens.c \
$(NULL) $(am__append_1)
libxmlsec1_nss_la_LIBADD = \
$(NSS_LIBS) \
-@@ -446,6 +450,9 @@ distclean-compile:
+@@ -446,6 +450,8 @@ distclean-compile:
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-symkeys.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-x509.Plo@am__quote@
@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-x509vfy.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-akmngr.Plo@am__quote@
-+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libxmlsec1_nss_la-tokens.Plo@am__quote@
.c.o:
@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $<
-@@ -475,6 +482,27 @@ libxmlsec1_nss_la-app.lo: app.c
+@@ -475,6 +481,20 @@ libxmlsec1_nss_la-app.lo: app.c
@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-app.lo `test -f 'app.c' || echo '$(srcdir)/'`app.c
@@ -819,13 +815,6 @@ index 0003297..3b53588 100644
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-akmngr.lo `test -f 'akmngr.c' || echo '$(srcdir)/'`akmngr.c
+
-+libxmlsec1_nss_la-keywrapers.lo: keywrapers.c
-+@am__fastdepCC_TRUE@ if $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-keywrapers.lo -MD -MP -MF "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Tpo" -c -o libxmlsec1_nss_la-keywrapers.lo `test -f 'keywrapers.c' || echo '$(srcdir)/'`keywrapers.c; \
-+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Tpo" "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Plo"; else rm -f "$(DEPDIR)/libxmlsec1_nss_la-keywrapers.Tpo"; exit 1; fi
-+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='keywrapers.c' object='libxmlsec1_nss_la-keywrapers.lo' libtool=yes @AMDEPBACKSLASH@
-+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
-+@am__fastdepCC_FALSE@ $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o libxmlsec1_nss_la-keywrapers.lo `test -f 'keywrapers.c' || echo '$(srcdir)/'`keywrapers.c
-+
+libxmlsec1_nss_la-tokens.lo: tokens.c
+@am__fastdepCC_TRUE@ if $(LIBTOOL) --mode=compile --tag=CC $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libxmlsec1_nss_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT libxmlsec1_nss_la-tokens.lo -MD -MP -MF "$(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo" -c -o libxmlsec1_nss_la-tokens.lo `test -f 'tokens.c' || echo '$(srcdir)/'`tokens.c; \
+@am__fastdepCC_TRUE@ then mv -f "$(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo" "$(DEPDIR)/libxmlsec1_nss_la-tokens.Plo"; else rm -f "$(DEPDIR)/libxmlsec1_nss_la-tokens.Tpo"; exit 1; fi
@@ -2185,1225 +2174,6 @@ index f07e44b..e4cb0f1 100644
+ xmlFreeDoc(doc);
+ return(0);
}
-diff --git a/src/nss/keywrapers.c b/src/nss/keywrapers.c
-new file mode 100644
-index 0000000..ab91f2c
---- /dev/null
-+++ b/src/nss/keywrapers.c
-@@ -0,0 +1,1213 @@
-+/**
-+ *
-+ * XMLSec library
-+ *
-+ * AES Algorithm support
-+ *
-+ * This is free software; see Copyright file in the source
-+ * distribution for preciese wording.
-+ *
-+ * Copyright .................................
-+ */
-+#include "globals.h"
-+
-+#include <stdlib.h>
-+#include <stdio.h>
-+#include <string.h>
-+
-+#include <nss.h>
-+#include <pk11func.h>
-+#include <hasht.h>
-+
-+#include <xmlsec/xmlsec.h>
-+#include <xmlsec/xmltree.h>
-+#include <xmlsec/keys.h>
-+#include <xmlsec/transforms.h>
-+#include <xmlsec/errors.h>
-+
-+#include <xmlsec/nss/crypto.h>
-+#include <xmlsec/nss/ciphers.h>
-+
-+#define XMLSEC_NSS_AES128_KEY_SIZE 16
-+#define XMLSEC_NSS_AES192_KEY_SIZE 24
-+#define XMLSEC_NSS_AES256_KEY_SIZE 32
-+#define XMLSEC_NSS_DES3_KEY_SIZE 24
-+#define XMLSEC_NSS_DES3_KEY_LENGTH 24
-+#define XMLSEC_NSS_DES3_IV_LENGTH 8
-+#define XMLSEC_NSS_DES3_BLOCK_LENGTH 8
-+
-+static xmlSecByte xmlSecNssKWDes3Iv[XMLSEC_NSS_DES3_IV_LENGTH] = {
-+ 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05
-+};
-+
-+/*********************************************************************
-+ *
-+ * key wrap transforms
-+ *
-+ ********************************************************************/
-+typedef struct _xmlSecNssKeyWrapCtx xmlSecNssKeyWrapCtx ;
-+typedef struct _xmlSecNssKeyWrapCtx* xmlSecNssKeyWrapCtxPtr ;
-+
-+#define xmlSecNssKeyWrapSize \
-+ ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyWrapCtx ) )
-+
-+#define xmlSecNssKeyWrapGetCtx( transform ) \
-+ ( ( xmlSecNssKeyWrapCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) )
-+
-+struct _xmlSecNssKeyWrapCtx {
-+ CK_MECHANISM_TYPE cipher ;
-+ PK11SymKey* symkey ;
-+ xmlSecKeyDataId keyId ;
-+ xmlSecBufferPtr material ; /* to be encrypted/decrypted key material */
-+} ;
-+
-+static int xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform);
-+static void xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform);
-+static int xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform,
-+ xmlSecKeyReqPtr keyReq);
-+static int xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform,
-+ xmlSecKeyPtr key);
-+static int xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform,
-+ int last,
-+ xmlSecTransformCtxPtr transformCtx);
-+static xmlSecSize xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform);
-+
-+static int
-+xmlSecNssKeyWrapCheckId(
-+ xmlSecTransformPtr transform
-+) {
-+ #ifndef XMLSEC_NO_DES
-+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) {
-+ return(1);
-+ }
-+ #endif /* XMLSEC_NO_DES */
-+
-+ #ifndef XMLSEC_NO_AES
-+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes128Id ) ||
-+ xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes192Id ) ||
-+ xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes256Id ) ) {
-+
-+ return(1);
-+ }
-+ #endif /* XMLSEC_NO_AES */
-+
-+ return(0);
-+}
-+
-+static xmlSecSize
-+xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform) {
-+#ifndef XMLSEC_NO_DES
-+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) {
-+ return(XMLSEC_NSS_DES3_KEY_SIZE);
-+ } else
-+#endif /* XMLSEC_NO_DES */
-+
-+#ifndef XMLSEC_NO_AES
-+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes128Id)) {
-+ return(XMLSEC_NSS_AES128_KEY_SIZE);
-+ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes192Id)) {
-+ return(XMLSEC_NSS_AES192_KEY_SIZE);
-+ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) {
-+ return(XMLSEC_NSS_AES256_KEY_SIZE);
-+ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) {
-+ return(XMLSEC_NSS_AES256_KEY_SIZE);
-+ } else
-+#endif /* XMLSEC_NO_AES */
-+
-+ if(1)
-+ return(0);
-+}
-+
-+
-+static int
-+xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform) {
-+ xmlSecNssKeyWrapCtxPtr context ;
-+ int ret;
-+
-+ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
-+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
-+
-+ context = xmlSecNssKeyWrapGetCtx( transform ) ;
-+ xmlSecAssert2( context != NULL , -1 ) ;
-+
-+ #ifndef XMLSEC_NO_DES
-+ if( transform->id == xmlSecNssTransformKWDes3Id ) {
-+ context->cipher = CKM_DES3_CBC ;
-+ context->keyId = xmlSecNssKeyDataDesId ;
-+ } else
-+ #endif /* XMLSEC_NO_DES */
-+
-+ #ifndef XMLSEC_NO_AES
-+ if( transform->id == xmlSecNssTransformKWAes128Id ) {
-+ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/
-+ context->cipher = CKM_AES_CBC ;
-+ context->keyId = xmlSecNssKeyDataAesId ;
-+ } else
-+ if( transform->id == xmlSecNssTransformKWAes192Id ) {
-+ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/
-+ context->cipher = CKM_AES_CBC ;
-+ context->keyId = xmlSecNssKeyDataAesId ;
-+ } else
-+ if( transform->id == xmlSecNssTransformKWAes256Id ) {
-+ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/
-+ context->cipher = CKM_AES_CBC ;
-+ context->keyId = xmlSecNssKeyDataAesId ;
-+ } else
-+ #endif /* XMLSEC_NO_AES */
-+
-+
-+ if( 1 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
-+ NULL ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ context->symkey = NULL ;
-+ context->material = NULL ;
-+
-+ return(0);
-+}
-+
-+static void
-+xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform) {
-+ xmlSecNssKeyWrapCtxPtr context ;
-+
-+ xmlSecAssert(xmlSecNssKeyWrapCheckId(transform));
-+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize));
-+
-+ context = xmlSecNssKeyWrapGetCtx( transform ) ;
-+ xmlSecAssert( context != NULL ) ;
-+
-+ if( context->symkey != NULL ) {
-+ PK11_FreeSymKey( context->symkey ) ;
-+ context->symkey = NULL ;
-+ }
-+
-+ if( context->material != NULL ) {
-+ xmlSecBufferDestroy(context->material);
-+ context->material = NULL ;
-+ }
-+}
-+
-+static int
-+xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
-+ xmlSecNssKeyWrapCtxPtr context ;
-+ xmlSecSize cipherSize = 0 ;
-+
-+
-+ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
-+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
-+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
-+ xmlSecAssert2(keyReq != NULL, -1);
-+
-+ context = xmlSecNssKeyWrapGetCtx( transform ) ;
-+ xmlSecAssert2( context != NULL , -1 ) ;
-+
-+ keyReq->keyId = context->keyId;
-+ keyReq->keyType = xmlSecKeyDataTypeSymmetric;
-+ if(transform->operation == xmlSecTransformOperationEncrypt) {
-+ keyReq->keyUsage = xmlSecKeyUsageEncrypt;
-+ } else {
-+ keyReq->keyUsage = xmlSecKeyUsageDecrypt;
-+ }
-+
-+ keyReq->keyBitsSize = xmlSecNssKeyWrapGetKeySize( transform ) ;
-+
-+ return(0);
-+}
-+
-+static int
-+xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
-+ xmlSecNssKeyWrapCtxPtr context = NULL ;
-+ xmlSecKeyDataPtr keyData = NULL ;
-+ PK11SymKey* symkey = NULL ;
-+
-+ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
-+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
-+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
-+ xmlSecAssert2(key != NULL, -1);
-+
-+ context = xmlSecNssKeyWrapGetCtx( transform ) ;
-+ if( context == NULL || context->keyId == NULL || context->symkey != NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ "xmlSecNssKeyWrapGetCtx" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+ xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ;
-+
-+ keyData = xmlSecKeyGetValue( key ) ;
-+ if( keyData == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) ,
-+ "xmlSecKeyGetValue" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) ,
-+ "xmlSecNssSymKeyDataGetKey" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ context->symkey = symkey ;
-+
-+ return(0) ;
-+}
-+
-+/**
-+ * key wrap transform
-+ */
-+static int
-+xmlSecNssKeyWrapCtxInit(
-+ xmlSecNssKeyWrapCtxPtr ctx ,
-+ xmlSecBufferPtr in ,
-+ xmlSecBufferPtr out ,
-+ int encrypt ,
-+ xmlSecTransformCtxPtr transformCtx
-+) {
-+ xmlSecSize blockSize ;
-+
-+ xmlSecAssert2( ctx != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
-+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
-+ xmlSecAssert2( in != NULL , -1 ) ;
-+ xmlSecAssert2( out != NULL , -1 ) ;
-+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
-+
-+ if( ctx->material != NULL ) {
-+ xmlSecBufferDestroy( ctx->material ) ;
-+ ctx->material = NULL ;
-+ }
-+
-+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "PK11_GetBlockSize" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ ctx->material = xmlSecBufferCreate( blockSize ) ;
-+ if( ctx->material == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferCreate" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ /* read raw key material into context */
-+ if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferSetData" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferRemoveHead" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ return(0);
-+}
-+
-+/**
-+ * key wrap transform update
-+ */
-+static int
-+xmlSecNssKeyWrapCtxUpdate(
-+ xmlSecNssKeyWrapCtxPtr ctx ,
-+ xmlSecBufferPtr in ,
-+ xmlSecBufferPtr out ,
-+ int encrypt ,
-+ xmlSecTransformCtxPtr transformCtx
-+) {
-+ xmlSecAssert2( ctx != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
-+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->material != NULL , -1 ) ;
-+ xmlSecAssert2( in != NULL , -1 ) ;
-+ xmlSecAssert2( out != NULL , -1 ) ;
-+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
-+
-+ /* read raw key material and append into context */
-+ if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferAppend" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferRemoveHead" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ return(0);
-+}
-+
-+static int
-+xmlSecNssKWDes3BufferReverse(xmlSecByte *buf, xmlSecSize size) {
-+ xmlSecSize s;
-+ xmlSecSize i;
-+ xmlSecByte c;
-+
-+ xmlSecAssert2(buf != NULL, -1);
-+
-+ s = size / 2;
-+ --size;
-+ for(i = 0; i < s; ++i) {
-+ c = buf[i];
-+ buf[i] = buf[size - i];
-+ buf[size - i] = c;
-+ }
-+ return(0);
-+}
-+
-+static xmlSecByte *
-+xmlSecNssComputeSHA1(const xmlSecByte *in, xmlSecSize inSize,
-+ xmlSecByte *out, xmlSecSize outSize)
-+{
-+ PK11Context *context = NULL;
-+ SECStatus s;
-+ xmlSecByte *digest = NULL;
-+ unsigned int len;
-+
-+ xmlSecAssert2(in != NULL, NULL);
-+ xmlSecAssert2(out != NULL, NULL);
-+ xmlSecAssert2(outSize >= SHA1_LENGTH, NULL);
-+
-+ /* Create a context for hashing (digesting) */
-+ context = PK11_CreateDigestContext(SEC_OID_SHA1);
-+ if (context == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "PK11_CreateDigestContext",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ "error code = %d", PORT_GetError());
-+ goto done;
-+ }
-+
-+ s = PK11_DigestBegin(context);
-+ if (s != SECSuccess) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "PK11_DigestBegin",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ "error code = %d", PORT_GetError());
-+ goto done;
-+ }
-+
-+ s = PK11_DigestOp(context, in, inSize);
-+ if (s != SECSuccess) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "PK11_DigestOp",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ "error code = %d", PORT_GetError());
-+ goto done;
-+ }
-+
-+ s = PK11_DigestFinal(context, out, &len, outSize);
-+ if (s != SECSuccess) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "PK11_DigestFinal",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ "error code = %d", PORT_GetError());
-+ goto done;
-+ }
-+ xmlSecAssert2(len == SHA1_LENGTH, NULL);
-+
-+ digest = out;
-+
-+done:
-+ if (context != NULL) {
-+ PK11_DestroyContext(context, PR_TRUE);
-+ }
-+ return (digest);
-+}
-+
-+static int
-+xmlSecNssKWDes3Encrypt(
-+ PK11SymKey* symKey ,
-+ CK_MECHANISM_TYPE cipherMech ,
-+ const xmlSecByte* iv ,
-+ xmlSecSize ivSize ,
-+ const xmlSecByte* in ,
-+ xmlSecSize inSize ,
-+ xmlSecByte* out ,
-+ xmlSecSize outSize ,
-+ int enc
-+) {
-+ PK11Context* EncContext = NULL;
-+ SECItem ivItem ;
-+ SECItem* secParam = NULL ;
-+ int tmp1_outlen;
-+ unsigned int tmp2_outlen;
-+ int result_len = -1;
-+ SECStatus rv;
-+
-+ xmlSecAssert2( cipherMech != CKM_INVALID_MECHANISM , -1 ) ;
-+ xmlSecAssert2( symKey != NULL , -1 ) ;
-+ xmlSecAssert2(iv != NULL, -1);
-+ xmlSecAssert2(ivSize == XMLSEC_NSS_DES3_IV_LENGTH, -1);
-+ xmlSecAssert2(in != NULL, -1);
-+ xmlSecAssert2(inSize > 0, -1);
-+ xmlSecAssert2(out != NULL, -1);
-+ xmlSecAssert2(outSize >= inSize, -1);
-+
-+ /* Prepare IV */
-+ ivItem.data = ( unsigned char* )iv ;
-+ ivItem.len = ivSize ;
-+
-+ secParam = PK11_ParamFromIV(cipherMech, &ivItem);
-+ if (secParam == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "PK11_ParamFromIV",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ "Error code = %d", PORT_GetError());
-+ goto done;
-+ }
-+
-+ EncContext = PK11_CreateContextBySymKey(cipherMech,
-+ enc ? CKA_ENCRYPT : CKA_DECRYPT,
-+ symKey, secParam);
-+ if (EncContext == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "PK11_CreateContextBySymKey",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ "Error code = %d", PORT_GetError());
-+ goto done;
-+ }
-+
-+ tmp1_outlen = tmp2_outlen = 0;
-+ rv = PK11_CipherOp(EncContext, out, &tmp1_outlen, outSize,
-+ (unsigned char *)in, inSize);
-+ if (rv != SECSuccess) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "PK11_CipherOp",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ "Error code = %d", PORT_GetError());
-+ goto done;
-+ }
-+
-+ rv = PK11_DigestFinal(EncContext, out+tmp1_outlen,
-+ &tmp2_outlen, outSize-tmp1_outlen);
-+ if (rv != SECSuccess) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "PK11_DigestFinal",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ "Error code = %d", PORT_GetError());
-+ goto done;
-+ }
-+
-+ result_len = tmp1_outlen + tmp2_outlen;
-+
-+done:
-+ if (secParam) {
-+ SECITEM_FreeItem(secParam, PR_TRUE);
-+ }
-+ if (EncContext) {
-+ PK11_DestroyContext(EncContext, PR_TRUE);
-+ }
-+
-+ return(result_len);
-+}
-+
-+static int
-+xmlSecNssKeyWrapDesOp(
-+ xmlSecNssKeyWrapCtxPtr ctx ,
-+ int encrypt ,
-+ xmlSecBufferPtr result
-+) {
-+ xmlSecByte sha1[SHA1_LENGTH];
-+ xmlSecByte iv[XMLSEC_NSS_DES3_IV_LENGTH];
-+ xmlSecByte* in;
-+ xmlSecSize inSize;
-+ xmlSecByte* out;
-+ xmlSecSize outSize;
-+ xmlSecSize s;
-+ int ret;
-+ SECStatus status;
-+
-+ xmlSecAssert2( ctx != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
-+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->material != NULL , -1 ) ;
-+ xmlSecAssert2( result != NULL , -1 ) ;
-+
-+ in = xmlSecBufferGetData(ctx->material);
-+ inSize = xmlSecBufferGetSize(ctx->material) ;
-+ out = xmlSecBufferGetData(result);
-+ outSize = xmlSecBufferGetMaxSize(result) ;
-+ if( encrypt ) {
-+ /* step 2: calculate sha1 and CMS */
-+ if(xmlSecNssComputeSHA1(in, inSize, sha1, SHA1_LENGTH) == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecNssComputeSHA1",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+
-+ /* step 3: construct WKCKS */
-+ memcpy(out, in, inSize);
-+ memcpy(out + inSize, sha1, XMLSEC_NSS_DES3_BLOCK_LENGTH);
-+
-+ /* step 4: generate random iv */
-+ status = PK11_GenerateRandom(iv, XMLSEC_NSS_DES3_IV_LENGTH);
-+ if(status != SECSuccess) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "PK11_GenerateRandom",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ "error code = %d", PORT_GetError());
-+ return(-1);
-+ }
-+
-+ /* step 5: first encryption, result is TEMP1 */
-+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
-+ iv, XMLSEC_NSS_DES3_IV_LENGTH,
-+ out, inSize + XMLSEC_NSS_DES3_IV_LENGTH,
-+ out, outSize, 1);
-+ if(ret < 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecNssKWDes3Encrypt",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+
-+ /* step 6: construct TEMP2=IV || TEMP1 */
-+ memmove(out + XMLSEC_NSS_DES3_IV_LENGTH, out,
-+ inSize + XMLSEC_NSS_DES3_IV_LENGTH);
-+ memcpy(out, iv, XMLSEC_NSS_DES3_IV_LENGTH);
-+ s = ret + XMLSEC_NSS_DES3_IV_LENGTH;
-+
-+ /* step 7: reverse octets order, result is TEMP3 */
-+ ret = xmlSecNssKWDes3BufferReverse(out, s);
-+ if(ret < 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecNssKWDes3BufferReverse",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+
-+ /* step 8: second encryption with static IV */
-+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
-+ xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH,
-+ out, s,
-+ out, outSize, 1);
-+ if(ret < 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecNssKWDes3Encrypt",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+ s = ret;
-+
-+ if( xmlSecBufferSetSize( result , s ) < 0 ) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecBufferSetSize",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+ } else {
-+ /* step 2: first decryption with static IV, result is TEMP3 */
-+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
-+ xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH,
-+ in, inSize,
-+ out, outSize, 0);
-+ if((ret < 0) || (ret < XMLSEC_NSS_DES3_IV_LENGTH)) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecNssKWDes3Encrypt",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+ s = ret;
-+
-+ /* step 3: reverse octets order in TEMP3, result is TEMP2 */
-+ ret = xmlSecNssKWDes3BufferReverse(out, s);
-+ if(ret < 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecNssKWDes3BufferReverse",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+
-+ /* steps 4 and 5: get IV and decrypt second time, result is WKCKS */
-+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
-+ out, XMLSEC_NSS_DES3_IV_LENGTH,
-+ out+XMLSEC_NSS_DES3_IV_LENGTH, s-XMLSEC_NSS_DES3_IV_LENGTH,
-+ out, outSize, 0);
-+ if((ret < 0) || (ret < XMLSEC_NSS_DES3_BLOCK_LENGTH)) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecNssKWDes3Encrypt",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+ s = ret - XMLSEC_NSS_DES3_IV_LENGTH;
-+
-+ /* steps 6 and 7: calculate SHA1 and validate it */
-+ if(xmlSecNssComputeSHA1(out, s, sha1, SHA1_LENGTH) == NULL) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecNssComputeSHA1",
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+
-+ if(memcmp(sha1, out + s, XMLSEC_NSS_DES3_BLOCK_LENGTH) != 0) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ NULL,
-+ XMLSEC_ERRORS_R_INVALID_DATA,
-+ "SHA1 does not match");
-+ return(-1);
-+ }
-+
-+ if( xmlSecBufferSetSize( result , s ) < 0 ) {
-+ xmlSecError(XMLSEC_ERRORS_HERE,
-+ NULL,
-+ "xmlSecBufferSetSize",
-+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
-+ XMLSEC_ERRORS_NO_MESSAGE);
-+ return(-1);
-+ }
-+ }
-+
-+ return(0);
-+}
-+
-+static int
-+xmlSecNssKeyWrapAesOp(
-+ xmlSecNssKeyWrapCtxPtr ctx ,
-+ int encrypt ,
-+ xmlSecBufferPtr result
-+) {
-+ PK11Context* cipherCtx = NULL;
-+ SECItem ivItem ;
-+ SECItem* secParam = NULL ;
-+ xmlSecSize inSize ;
-+ xmlSecSize inBlocks ;
-+ int blockSize ;
-+ int midSize ;
-+ int finSize ;
-+ xmlSecByte* out ;
-+ xmlSecSize outSize;
-+
-+ xmlSecAssert2( ctx != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
-+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->material != NULL , -1 ) ;
-+ xmlSecAssert2( result != NULL , -1 ) ;
-+
-+ /* Do not set any IV */
-+ memset(&ivItem, 0, sizeof(ivItem));
-+
-+ /* Get block size */
-+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "PK11_GetBlockSize" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ inSize = xmlSecBufferGetSize( ctx->material ) ;
-+ if( xmlSecBufferSetMaxSize( result , inSize + blockSize ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferSetMaxSize" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ /* Get Param for context initialization */
-+ if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "PK11_ParamFromIV" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ cipherCtx = PK11_CreateContextBySymKey( ctx->cipher , encrypt ? CKA_ENCRYPT : CKA_DECRYPT , ctx->symkey , secParam ) ;
-+ if( cipherCtx == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "PK11_CreateContextBySymKey" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ SECITEM_FreeItem( secParam , PR_TRUE ) ;
-+ return(-1);
-+ }
-+
-+ out = xmlSecBufferGetData(result) ;
-+ outSize = xmlSecBufferGetMaxSize(result) ;
-+ if( PK11_CipherOp( cipherCtx , out, &midSize , outSize , xmlSecBufferGetData( ctx->material ) , inSize ) != SECSuccess ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "PK11_CipherOp" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ if( PK11_DigestFinal( cipherCtx , out + midSize , &finSize , outSize - midSize ) != SECSuccess ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "PK11_DigestFinal" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ if( xmlSecBufferSetSize( result , midSize + finSize ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferSetSize" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ return 0 ;
-+}
-+
-+/**
-+ * Block cipher transform final
-+ */
-+static int
-+xmlSecNssKeyWrapCtxFinal(
-+ xmlSecNssKeyWrapCtxPtr ctx ,
-+ xmlSecBufferPtr in ,
-+ xmlSecBufferPtr out ,
-+ int encrypt ,
-+ xmlSecTransformCtxPtr transformCtx
-+) {
-+ PK11SymKey* targetKey ;
-+ xmlSecSize blockSize ;
-+ xmlSecBufferPtr result ;
-+
-+ xmlSecAssert2( ctx != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
-+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
-+ xmlSecAssert2( ctx->material != NULL , -1 ) ;
-+ xmlSecAssert2( in != NULL , -1 ) ;
-+ xmlSecAssert2( out != NULL , -1 ) ;
-+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
-+
-+ /* read raw key material and append into context */
-+ if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferAppend" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferRemoveHead" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ /* Now we get all of the key materail */
-+ /* from now on we will wrap or unwrap the key */
-+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "PK11_GetBlockSize" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ result = xmlSecBufferCreate( blockSize ) ;
-+ if( result == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferCreate" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ switch( ctx->cipher ) {
-+ case CKM_DES3_CBC :
-+ if( xmlSecNssKeyWrapDesOp(ctx, encrypt, result) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssKeyWrapDesOp" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecBufferDestroy(result);
-+ return(-1);
-+ }
-+ break ;
-+ /* case CKM_NETSCAPE_AES_KEY_WRAP :*/
-+ case CKM_AES_CBC :
-+ if( xmlSecNssKeyWrapAesOp(ctx, encrypt, result) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecNssKeyWrapAesOp" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecBufferDestroy(result);
-+ return(-1);
-+ }
-+ break ;
-+ }
-+
-+ /* Write output */
-+ if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ NULL ,
-+ "xmlSecBufferAppend" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ xmlSecBufferDestroy(result);
-+ return(-1);
-+ }
-+ xmlSecBufferDestroy(result);
-+
-+ return(0);
-+}
-+
-+static int
-+xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
-+ xmlSecNssKeyWrapCtxPtr context = NULL ;
-+ xmlSecBufferPtr inBuf, outBuf ;
-+ int operation ;
-+ int rtv ;
-+
-+ xmlSecAssert2( xmlSecNssKeyWrapCheckId( transform ), -1 ) ;
-+ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyWrapSize ), -1 ) ;
-+ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
-+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
-+
-+ context = xmlSecNssKeyWrapGetCtx( transform ) ;
-+ if( context == NULL ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ "xmlSecNssKeyWrapGetCtx" ,
-+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+
-+ inBuf = &( transform->inBuf ) ;
-+ outBuf = &( transform->outBuf ) ;
-+
-+ if( transform->status == xmlSecTransformStatusNone ) {
-+ transform->status = xmlSecTransformStatusWorking ;
-+ }
-+
-+ operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ;
-+ if( transform->status == xmlSecTransformStatusWorking ) {
-+ if( context->material == NULL ) {
-+ rtv = xmlSecNssKeyWrapCtxInit( context, inBuf , outBuf , operation , transformCtx ) ;
-+ if( rtv < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ "xmlSecNssKeyWrapCtxInit" ,
-+ XMLSEC_ERRORS_R_INVALID_STATUS ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+ }
-+
-+ if( context->material == NULL && last != 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_INVALID_STATUS ,
-+ "No enough data to intialize transform" ) ;
-+ return(-1);
-+ }
-+
-+ if( context->material != NULL ) {
-+ rtv = xmlSecNssKeyWrapCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ;
-+ if( rtv < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ "xmlSecNssKeyWrapCtxUpdate" ,
-+ XMLSEC_ERRORS_R_INVALID_STATUS ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+ }
-+
-+ if( last ) {
-+ rtv = xmlSecNssKeyWrapCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ;
-+ if( rtv < 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ "xmlSecNssKeyWrapCtxFinal" ,
-+ XMLSEC_ERRORS_R_INVALID_STATUS ,
-+ XMLSEC_ERRORS_NO_MESSAGE ) ;
-+ return(-1);
-+ }
-+ transform->status = xmlSecTransformStatusFinished ;
-+ }
-+ } else if( transform->status == xmlSecTransformStatusFinished ) {
-+ if( xmlSecBufferGetSize( inBuf ) != 0 ) {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_INVALID_STATUS ,
-+ "status=%d", transform->status ) ;
-+ return(-1);
-+ }
-+ } else {
-+ xmlSecError( XMLSEC_ERRORS_HERE ,
-+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
-+ NULL ,
-+ XMLSEC_ERRORS_R_INVALID_STATUS ,
-+ "status=%d", transform->status ) ;
-+ return(-1);
-+ }
-+
-+ return(0);
-+}
-+
-+#ifndef XMLSEC_NO_AES
-+
-+
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecTransformKlass xmlSecNssKWAes128Klass = {
-+#else
-+static xmlSecTransformKlass xmlSecNssKWAes128Klass = {
-+#endif
-+ /* klass/object sizes */
-+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
-+ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
-+
-+ xmlSecNameKWAes128, /* const xmlChar* name; */
-+ xmlSecHrefKWAes128, /* const xmlChar* href; */
-+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-+
-+ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
-+ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
-+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
-+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
-+ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
-+ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
-+ NULL, /* xmlSecTransformValidateMethod validate; */
-+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
-+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
-+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
-+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
-+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
-+ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
-+
-+ NULL, /* void* reserved0; */
-+ NULL, /* void* reserved1; */
-+};
-+
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecTransformKlass xmlSecNssKWAes192Klass = {
-+#else
-+static xmlSecTransformKlass xmlSecNssKWAes192Klass = {
-+#endif
-+ /* klass/object sizes */
-+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
-+ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
-+
-+ xmlSecNameKWAes192, /* const xmlChar* name; */
-+ xmlSecHrefKWAes192, /* const xmlChar* href; */
-+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-+
-+ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
-+ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
-+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
-+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
-+ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
-+ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
-+ NULL, /* xmlSecTransformValidateMethod validate; */
-+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
-+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
-+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
-+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
-+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
-+ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
-+
-+ NULL, /* void* reserved0; */
-+ NULL, /* void* reserved1; */
-+};
-+
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecTransformKlass xmlSecNssKWAes256Klass = {
-+#else
-+static xmlSecTransformKlass xmlSecNssKWAes256Klass = {
-+#endif
-+ /* klass/object sizes */
-+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
-+ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
-+
-+ xmlSecNameKWAes256, /* const xmlChar* name; */
-+ xmlSecHrefKWAes256, /* const xmlChar* href; */
-+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-+
-+ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
-+ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
-+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
-+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
-+ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
-+ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
-+ NULL, /* xmlSecTransformValidateMethod validate; */
-+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
-+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
-+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
-+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
-+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
-+ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
-+
-+ NULL, /* void* reserved0; */
-+ NULL, /* void* reserved1; */
-+};
-+
-+/**
-+ * xmlSecNssTransformKWAes128GetKlass:
-+ *
-+ * The AES-128 key wrapper transform klass.
-+ *
-+ * Returns AES-128 key wrapper transform klass.
-+ */
-+xmlSecTransformId
-+xmlSecNssTransformKWAes128GetKlass(void) {
-+ return(&xmlSecNssKWAes128Klass);
-+}
-+
-+/**
-+ * xmlSecNssTransformKWAes192GetKlass:
-+ *
-+ * The AES-192 key wrapper transform klass.
-+ *
-+ * Returns AES-192 key wrapper transform klass.
-+ */
-+xmlSecTransformId
-+xmlSecNssTransformKWAes192GetKlass(void) {
-+ return(&xmlSecNssKWAes192Klass);
-+}
-+
-+/**
-+ *
-+ * The AES-256 key wrapper transform klass.
-+ *
-+ * Returns AES-256 key wrapper transform klass.
-+ */
-+xmlSecTransformId
-+xmlSecNssTransformKWAes256GetKlass(void) {
-+ return(&xmlSecNssKWAes256Klass);
-+}
-+
-+#endif /* XMLSEC_NO_AES */
-+
-+
-+#ifndef XMLSEC_NO_DES
-+
-+#ifdef __MINGW32__ // for runtime-pseudo-reloc
-+static struct _xmlSecTransformKlass xmlSecNssKWDes3Klass = {
-+#else
-+static xmlSecTransformKlass xmlSecNssKWDes3Klass = {
-+#endif
-+ /* klass/object sizes */
-+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
-+ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
-+
-+ xmlSecNameKWDes3, /* const xmlChar* name; */
-+ xmlSecHrefKWDes3, /* const xmlChar* href; */
-+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
-+
-+ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
-+ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
-+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
-+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
-+ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
-+ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
-+ NULL, /* xmlSecTransformValidateMethod validate; */
-+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
-+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
-+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
-+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
-+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
-+ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
-+
-+ NULL, /* void* reserved0; */
-+ NULL, /* void* reserved1; */
-+};
-+
-+/**
-+ * xmlSecNssTransformKWDes3GetKlass:
-+ *
-+ * The Triple DES key wrapper transform klass.
-+ *
-+ * Returns Triple DES key wrapper transform klass.
-+ */
-+xmlSecTransformId
-+xmlSecNssTransformKWDes3GetKlass(void) {
-+ return(&xmlSecNssKWDes3Klass);
-+}
-+
-+#endif /* XMLSEC_NO_DES */
-+
diff --git a/src/nss/pkikeys.c b/src/nss/pkikeys.c
index ae9e29b..9acd317 100644
--- a/src/nss/pkikeys.c