summaryrefslogtreecommitdiff
path: root/libxmlsec/src
diff options
context:
space:
mode:
authorPeter Foley <pefoley2@verizon.net>2012-11-29 20:50:15 -0500
committerPeter Foley <pefoley2@verizon.net>2012-11-30 11:34:29 -0500
commitec6af4194e80f5f0b2e46ca59802ff397a2a4a24 (patch)
tree9f0ff42902bdd0a7988cc462571259c873794289 /libxmlsec/src
parent694a2c53810dec6d8e069d74baf51e6cdda91faa (diff)
convert libxmlsec to gbuild
Change-Id: Id0ad4e1c8e3e1ac03c625fb77b70fe0aa8ddfcdc
Diffstat (limited to 'libxmlsec/src')
-rw-r--r--libxmlsec/src/akmngr_mscrypto.c237
-rw-r--r--libxmlsec/src/akmngr_nss.c384
-rw-r--r--libxmlsec/src/keywrapers.c1213
-rw-r--r--libxmlsec/src/tokens.c548
4 files changed, 2382 insertions, 0 deletions
diff --git a/libxmlsec/src/akmngr_mscrypto.c b/libxmlsec/src/akmngr_mscrypto.c
new file mode 100644
index 000000000000..af9eef4ecfb6
--- /dev/null
+++ b/libxmlsec/src/akmngr_mscrypto.c
@@ -0,0 +1,237 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright.........................
+ */
+#include "globals.h"
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/keysmngr.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/mscrypto/crypto.h>
+#include <xmlsec/mscrypto/keysstore.h>
+#include <xmlsec/mscrypto/akmngr.h>
+#include <xmlsec/mscrypto/x509.h>
+
+/**
+ * xmlSecMSCryptoAppliedKeysMngrCreate:
+ * @hKeyStore: the pointer to key store.
+ * @hCertStore: the pointer to certificate database.
+ *
+ * Create and load key store and certificate database into keys manager
+ *
+ * Returns keys manager pointer on success or NULL otherwise.
+ */
+xmlSecKeysMngrPtr
+xmlSecMSCryptoAppliedKeysMngrCreate(
+ HCERTSTORE hKeyStore ,
+ HCERTSTORE hCertStore
+) {
+ xmlSecKeyDataStorePtr certStore = NULL ;
+ xmlSecKeysMngrPtr keyMngr = NULL ;
+ xmlSecKeyStorePtr keyStore = NULL ;
+
+ keyStore = xmlSecKeyStoreCreate( xmlSecMSCryptoKeysStoreId ) ;
+ if( keyStore == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecKeyStoreCreate" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return NULL ;
+ }
+
+ /*-
+ * At present, MS Crypto engine do not provide a way to setup a key store.
+ */
+ if( keyStore != NULL ) {
+ /*TODO: binding key store.*/
+ }
+
+ keyMngr = xmlSecKeysMngrCreate() ;
+ if( keyMngr == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecKeysMngrCreate" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+ xmlSecKeyStoreDestroy( keyStore ) ;
+ return NULL ;
+ }
+
+ /*-
+ * Add key store to manager, from now on keys manager destroys the store if
+ * needed
+ */
+ if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
+ "xmlSecKeysMngrAdoptKeyStore" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+ xmlSecKeyStoreDestroy( keyStore ) ;
+ xmlSecKeysMngrDestroy( keyMngr ) ;
+ return NULL ;
+ }
+
+ /*-
+ * Initialize crypto library specific data in keys manager
+ */
+ if( xmlSecMSCryptoKeysMngrInit( keyMngr ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecMSCryptoKeysMngrInit" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+ xmlSecKeysMngrDestroy( keyMngr ) ;
+ return NULL ;
+ }
+
+ /*-
+ * Set certificate databse to X509 key data store
+ */
+ /*-
+ * At present, MS Crypto engine do not provide a way to setup a cert store.
+ */
+
+ /*-
+ * Set the getKey callback
+ */
+ keyMngr->getKey = xmlSecKeysMngrGetKey ;
+
+ return keyMngr ;
+}
+
+int
+xmlSecMSCryptoAppliedKeysMngrSymKeyLoad(
+ xmlSecKeysMngrPtr mngr ,
+ HCRYPTKEY symKey
+) {
+ /*TODO: import the key into keys manager.*/
+ return(0) ;
+}
+
+int
+xmlSecMSCryptoAppliedKeysMngrPubKeyLoad(
+ xmlSecKeysMngrPtr mngr ,
+ HCRYPTKEY pubKey
+) {
+ /*TODO: import the key into keys manager.*/
+ return(0) ;
+}
+
+int
+xmlSecMSCryptoAppliedKeysMngrPriKeyLoad(
+ xmlSecKeysMngrPtr mngr ,
+ HCRYPTKEY priKey
+) {
+ /*TODO: import the key into keys manager.*/
+ return(0) ;
+}
+
+int
+xmlSecMSCryptoAppliedKeysMngrAdoptKeyStore (
+ xmlSecKeysMngrPtr mngr ,
+ HCERTSTORE keyStore
+) {
+ xmlSecKeyDataStorePtr x509Store ;
+
+ xmlSecAssert2( mngr != NULL, -1 ) ;
+ xmlSecAssert2( keyStore != NULL, -1 ) ;
+
+ x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
+ if( x509Store == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecKeysMngrGetDataStore" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return( -1 ) ;
+ }
+
+ if( xmlSecMSCryptoX509StoreAdoptKeyStore( x509Store, keyStore ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
+ "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return( -1 ) ;
+ }
+
+ return( 0 ) ;
+}
+
+int
+xmlSecMSCryptoAppliedKeysMngrAdoptTrustedStore (
+ xmlSecKeysMngrPtr mngr ,
+ HCERTSTORE trustedStore
+) {
+ xmlSecKeyDataStorePtr x509Store ;
+
+ xmlSecAssert2( mngr != NULL, -1 ) ;
+ xmlSecAssert2( trustedStore != NULL, -1 ) ;
+
+ x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
+ if( x509Store == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecKeysMngrGetDataStore" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return( -1 ) ;
+ }
+
+ if( xmlSecMSCryptoX509StoreAdoptTrustedStore( x509Store, trustedStore ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
+ "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return( -1 ) ;
+ }
+
+ return( 0 ) ;
+}
+
+int
+xmlSecMSCryptoAppliedKeysMngrAdoptUntrustedStore (
+ xmlSecKeysMngrPtr mngr ,
+ HCERTSTORE untrustedStore
+) {
+ xmlSecKeyDataStorePtr x509Store ;
+
+ xmlSecAssert2( mngr != NULL, -1 ) ;
+ xmlSecAssert2( untrustedStore != NULL, -1 ) ;
+
+ x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ;
+ if( x509Store == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecKeysMngrGetDataStore" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return( -1 ) ;
+ }
+
+ if( xmlSecMSCryptoX509StoreAdoptUntrustedStore( x509Store, untrustedStore ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) ,
+ "xmlSecMSCryptoX509StoreAdoptKeyStore" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return( -1 ) ;
+ }
+
+ return( 0 ) ;
+}
+
+
diff --git a/libxmlsec/src/akmngr_nss.c b/libxmlsec/src/akmngr_nss.c
new file mode 100644
index 000000000000..0eddf86ef931
--- /dev/null
+++ b/libxmlsec/src/akmngr_nss.c
@@ -0,0 +1,384 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright.........................
+ */
+#include "globals.h"
+
+#include <nspr.h>
+#include <nss.h>
+#include <pk11func.h>
+#include <cert.h>
+#include <keyhi.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/nss/crypto.h>
+#include <xmlsec/nss/tokens.h>
+#include <xmlsec/nss/akmngr.h>
+#include <xmlsec/nss/pkikeys.h>
+#include <xmlsec/nss/ciphers.h>
+#include <xmlsec/nss/keysstore.h>
+
+/**
+ * xmlSecNssAppliedKeysMngrCreate:
+ * @slot: array of pointers to NSS PKCS#11 slot information.
+ * @cSlots: number of slots in the array
+ * @handler: the pointer to NSS certificate database.
+ *
+ * Create and load NSS crypto slot and certificate database into keys manager
+ *
+ * Returns keys manager pointer on success or NULL otherwise.
+ */
+xmlSecKeysMngrPtr
+xmlSecNssAppliedKeysMngrCreate(
+ PK11SlotInfo** slots,
+ int cSlots,
+ CERTCertDBHandle* handler
+) {
+ xmlSecKeyDataStorePtr certStore = NULL ;
+ xmlSecKeysMngrPtr keyMngr = NULL ;
+ xmlSecKeyStorePtr keyStore = NULL ;
+ int islot = 0;
+ keyStore = xmlSecKeyStoreCreate( xmlSecNssKeysStoreId ) ;
+ if( keyStore == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecKeyStoreCreate" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return NULL ;
+ }
+
+ for (islot = 0; islot < cSlots; islot++)
+ {
+ xmlSecNssKeySlotPtr keySlot ;
+
+ /* Create a key slot */
+ keySlot = xmlSecNssKeySlotCreate() ;
+ if( keySlot == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
+ "xmlSecNssKeySlotCreate" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+ xmlSecKeyStoreDestroy( keyStore ) ;
+ return NULL ;
+ }
+
+ /* Set slot */
+ if( xmlSecNssKeySlotSetSlot( keySlot , slots[islot] ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
+ "xmlSecNssKeySlotSetSlot" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+ xmlSecKeyStoreDestroy( keyStore ) ;
+ xmlSecNssKeySlotDestroy( keySlot ) ;
+ return NULL ;
+ }
+
+ /* Adopt keySlot */
+ if( xmlSecNssKeysStoreAdoptKeySlot( keyStore , keySlot ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
+ "xmlSecNssKeysStoreAdoptKeySlot" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+ xmlSecKeyStoreDestroy( keyStore ) ;
+ xmlSecNssKeySlotDestroy( keySlot ) ;
+ return NULL ;
+ }
+ }
+
+ keyMngr = xmlSecKeysMngrCreate() ;
+ if( keyMngr == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecKeysMngrCreate" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+ xmlSecKeyStoreDestroy( keyStore ) ;
+ return NULL ;
+ }
+
+ /*-
+ * Add key store to manager, from now on keys manager destroys the store if
+ * needed
+ */
+ if( xmlSecKeysMngrAdoptKeysStore( keyMngr, keyStore ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
+ "xmlSecKeysMngrAdoptKeyStore" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+ xmlSecKeyStoreDestroy( keyStore ) ;
+ xmlSecKeysMngrDestroy( keyMngr ) ;
+ return NULL ;
+ }
+
+ /*-
+ * Initialize crypto library specific data in keys manager
+ */
+ if( xmlSecNssKeysMngrInit( keyMngr ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecKeysMngrCreate" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+ xmlSecKeysMngrDestroy( keyMngr ) ;
+ return NULL ;
+ }
+
+ /*-
+ * Set certificate databse to X509 key data store
+ */
+ /**
+ * Because Tej's implementation of certDB use the default DB, so I ignore
+ * the certDB handler at present. I'll modify the cert store sources to
+ * accept particular certDB instead of default ones.
+ certStore = xmlSecKeysMngrGetDataStore( keyMngr , xmlSecNssKeyDataStoreX509Id ) ;
+ if( certStore == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
+ "xmlSecKeysMngrGetDataStore" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+ xmlSecKeysMngrDestroy( keyMngr ) ;
+ return NULL ;
+ }
+
+ if( xmlSecNssKeyDataStoreX509SetCertDb( certStore , handler ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyStoreGetName( keyStore ) ) ,
+ "xmlSecNssKeyDataStoreX509SetCertDb" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+
+ xmlSecKeysMngrDestroy( keyMngr ) ;
+ return NULL ;
+ }
+ */
+
+ /*-
+ * Set the getKey callback
+ */
+ keyMngr->getKey = xmlSecKeysMngrGetKey ;
+
+ return keyMngr ;
+}
+
+int
+xmlSecNssAppliedKeysMngrSymKeyLoad(
+ xmlSecKeysMngrPtr mngr ,
+ PK11SymKey* symKey
+) {
+ xmlSecKeyPtr key ;
+ xmlSecKeyDataPtr data ;
+ xmlSecKeyStorePtr keyStore ;
+
+ xmlSecAssert2( mngr != NULL , -1 ) ;
+ xmlSecAssert2( symKey != NULL , -1 ) ;
+
+ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
+ if( keyStore == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecKeysMngrGetKeysStore" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1) ;
+ }
+ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
+
+ data = xmlSecNssSymKeyDataKeyAdopt( symKey ) ;
+ if( data == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecNssSymKeyDataKeyAdopt" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1) ;
+ }
+
+ key = xmlSecKeyCreate() ;
+ if( key == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecNssSymKeyDataKeyAdopt" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecKeyDataDestroy( data ) ;
+ return(-1) ;
+ }
+
+ if( xmlSecKeySetValue( key , data ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecNssSymKeyDataKeyAdopt" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecKeyDataDestroy( data ) ;
+ return(-1) ;
+ }
+
+ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecNssSymKeyDataKeyAdopt" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecKeyDestroy( key ) ;
+ return(-1) ;
+ }
+
+ return(0) ;
+}
+
+int
+xmlSecNssAppliedKeysMngrPubKeyLoad(
+ xmlSecKeysMngrPtr mngr ,
+ SECKEYPublicKey* pubKey
+) {
+ xmlSecKeyPtr key ;
+ xmlSecKeyDataPtr data ;
+ xmlSecKeyStorePtr keyStore ;
+
+ xmlSecAssert2( mngr != NULL , -1 ) ;
+ xmlSecAssert2( pubKey != NULL , -1 ) ;
+
+ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
+ if( keyStore == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecKeysMngrGetKeysStore" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1) ;
+ }
+ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
+
+ data = xmlSecNssPKIAdoptKey( NULL, pubKey ) ;
+ if( data == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecNssPKIAdoptKey" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1) ;
+ }
+
+ key = xmlSecKeyCreate() ;
+ if( key == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecNssSymKeyDataKeyAdopt" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecKeyDataDestroy( data ) ;
+ return(-1) ;
+ }
+
+ if( xmlSecKeySetValue( key , data ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecNssSymKeyDataKeyAdopt" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecKeyDataDestroy( data ) ;
+ return(-1) ;
+ }
+
+ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecNssSymKeyDataKeyAdopt" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecKeyDestroy( key ) ;
+ return(-1) ;
+ }
+
+ return(0) ;
+}
+
+int
+xmlSecNssAppliedKeysMngrPriKeyLoad(
+ xmlSecKeysMngrPtr mngr ,
+ SECKEYPrivateKey* priKey
+) {
+ xmlSecKeyPtr key ;
+ xmlSecKeyDataPtr data ;
+ xmlSecKeyStorePtr keyStore ;
+
+ xmlSecAssert2( mngr != NULL , -1 ) ;
+ xmlSecAssert2( priKey != NULL , -1 ) ;
+
+ keyStore = xmlSecKeysMngrGetKeysStore( mngr ) ;
+ if( keyStore == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecKeysMngrGetKeysStore" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1) ;
+ }
+ xmlSecAssert2( xmlSecKeyStoreCheckId( keyStore , xmlSecNssKeysStoreId ) , -1 ) ;
+
+ data = xmlSecNssPKIAdoptKey( priKey, NULL ) ;
+ if( data == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecNssPKIAdoptKey" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1) ;
+ }
+
+ key = xmlSecKeyCreate() ;
+ if( key == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecNssSymKeyDataKeyAdopt" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecKeyDataDestroy( data ) ;
+ return(-1) ;
+ }
+
+ if( xmlSecKeySetValue( key , data ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecNssSymKeyDataKeyAdopt" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecKeyDataDestroy( data ) ;
+ return(-1) ;
+ }
+
+ if( xmlSecNssKeysStoreAdoptKey( keyStore, key ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecNssSymKeyDataKeyAdopt" ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecKeyDestroy( key ) ;
+ return(-1) ;
+ }
+
+ return(0) ;
+}
+
diff --git a/libxmlsec/src/keywrapers.c b/libxmlsec/src/keywrapers.c
new file mode 100644
index 000000000000..6066724c874b
--- /dev/null
+++ b/libxmlsec/src/keywrapers.c
@@ -0,0 +1,1213 @@
+/**
+ *
+ * XMLSec library
+ *
+ * AES Algorithm support
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright .................................
+ */
+#include "globals.h"
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+
+#include <nss.h>
+#include <pk11func.h>
+#include <hasht.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/xmltree.h>
+#include <xmlsec/keys.h>
+#include <xmlsec/transforms.h>
+#include <xmlsec/errors.h>
+
+#include <xmlsec/nss/crypto.h>
+#include <xmlsec/nss/ciphers.h>
+
+#define XMLSEC_NSS_AES128_KEY_SIZE 16
+#define XMLSEC_NSS_AES192_KEY_SIZE 24
+#define XMLSEC_NSS_AES256_KEY_SIZE 32
+#define XMLSEC_NSS_DES3_KEY_SIZE 24
+#define XMLSEC_NSS_DES3_KEY_LENGTH 24
+#define XMLSEC_NSS_DES3_IV_LENGTH 8
+#define XMLSEC_NSS_DES3_BLOCK_LENGTH 8
+
+static xmlSecByte xmlSecNssKWDes3Iv[XMLSEC_NSS_DES3_IV_LENGTH] = {
+ 0x4a, 0xdd, 0xa2, 0x2c, 0x79, 0xe8, 0x21, 0x05
+};
+
+/*********************************************************************
+ *
+ * key wrap transforms
+ *
+ ********************************************************************/
+typedef struct _xmlSecNssKeyWrapCtx xmlSecNssKeyWrapCtx ;
+typedef struct _xmlSecNssKeyWrapCtx* xmlSecNssKeyWrapCtxPtr ;
+
+#define xmlSecNssKeyWrapSize \
+ ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyWrapCtx ) )
+
+#define xmlSecNssKeyWrapGetCtx( transform ) \
+ ( ( xmlSecNssKeyWrapCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) )
+
+struct _xmlSecNssKeyWrapCtx {
+ CK_MECHANISM_TYPE cipher ;
+ PK11SymKey* symkey ;
+ xmlSecKeyDataId keyId ;
+ xmlSecBufferPtr material ; /* to be encrypted/decrypted key material */
+} ;
+
+static int xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform);
+static void xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform);
+static int xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform,
+ xmlSecKeyReqPtr keyReq);
+static int xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform,
+ xmlSecKeyPtr key);
+static int xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform,
+ int last,
+ xmlSecTransformCtxPtr transformCtx);
+static xmlSecSize xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform);
+
+static int
+xmlSecNssKeyWrapCheckId(
+ xmlSecTransformPtr transform
+) {
+ #ifndef XMLSEC_NO_DES
+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) {
+ return(1);
+ }
+ #endif /* XMLSEC_NO_DES */
+
+ #ifndef XMLSEC_NO_AES
+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes128Id ) ||
+ xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes192Id ) ||
+ xmlSecTransformCheckId( transform, xmlSecNssTransformKWAes256Id ) ) {
+
+ return(1);
+ }
+ #endif /* XMLSEC_NO_AES */
+
+ return(0);
+}
+
+static xmlSecSize
+xmlSecNssKeyWrapGetKeySize(xmlSecTransformPtr transform) {
+#ifndef XMLSEC_NO_DES
+ if( xmlSecTransformCheckId( transform, xmlSecNssTransformKWDes3Id ) ) {
+ return(XMLSEC_NSS_DES3_KEY_SIZE);
+ } else
+#endif /* XMLSEC_NO_DES */
+
+#ifndef XMLSEC_NO_AES
+ if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes128Id)) {
+ return(XMLSEC_NSS_AES128_KEY_SIZE);
+ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes192Id)) {
+ return(XMLSEC_NSS_AES192_KEY_SIZE);
+ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) {
+ return(XMLSEC_NSS_AES256_KEY_SIZE);
+ } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) {
+ return(XMLSEC_NSS_AES256_KEY_SIZE);
+ } else
+#endif /* XMLSEC_NO_AES */
+
+ if(1)
+ return(0);
+}
+
+
+static int
+xmlSecNssKeyWrapInitialize(xmlSecTransformPtr transform) {
+ xmlSecNssKeyWrapCtxPtr context ;
+ int ret;
+
+ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
+
+ context = xmlSecNssKeyWrapGetCtx( transform ) ;
+ xmlSecAssert2( context != NULL , -1 ) ;
+
+ #ifndef XMLSEC_NO_DES
+ if( transform->id == xmlSecNssTransformKWDes3Id ) {
+ context->cipher = CKM_DES3_CBC ;
+ context->keyId = xmlSecNssKeyDataDesId ;
+ } else
+ #endif /* XMLSEC_NO_DES */
+
+ #ifndef XMLSEC_NO_AES
+ if( transform->id == xmlSecNssTransformKWAes128Id ) {
+ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/
+ context->cipher = CKM_AES_CBC ;
+ context->keyId = xmlSecNssKeyDataAesId ;
+ } else
+ if( transform->id == xmlSecNssTransformKWAes192Id ) {
+ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/
+ context->cipher = CKM_AES_CBC ;
+ context->keyId = xmlSecNssKeyDataAesId ;
+ } else
+ if( transform->id == xmlSecNssTransformKWAes256Id ) {
+ /* context->cipher = CKM_NETSCAPE_AES_KEY_WRAP ;*/
+ context->cipher = CKM_AES_CBC ;
+ context->keyId = xmlSecNssKeyDataAesId ;
+ } else
+ #endif /* XMLSEC_NO_AES */
+
+
+ if( 1 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
+ NULL ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ context->symkey = NULL ;
+ context->material = NULL ;
+
+ return(0);
+}
+
+static void
+xmlSecNssKeyWrapFinalize(xmlSecTransformPtr transform) {
+ xmlSecNssKeyWrapCtxPtr context ;
+
+ xmlSecAssert(xmlSecNssKeyWrapCheckId(transform));
+ xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize));
+
+ context = xmlSecNssKeyWrapGetCtx( transform ) ;
+ xmlSecAssert( context != NULL ) ;
+
+ if( context->symkey != NULL ) {
+ PK11_FreeSymKey( context->symkey ) ;
+ context->symkey = NULL ;
+ }
+
+ if( context->material != NULL ) {
+ xmlSecBufferDestroy(context->material);
+ context->material = NULL ;
+ }
+}
+
+static int
+xmlSecNssKeyWrapSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
+ xmlSecNssKeyWrapCtxPtr context ;
+ xmlSecSize cipherSize = 0 ;
+
+
+ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(keyReq != NULL, -1);
+
+ context = xmlSecNssKeyWrapGetCtx( transform ) ;
+ xmlSecAssert2( context != NULL , -1 ) ;
+
+ keyReq->keyId = context->keyId;
+ keyReq->keyType = xmlSecKeyDataTypeSymmetric;
+ if(transform->operation == xmlSecTransformOperationEncrypt) {
+ keyReq->keyUsage = xmlSecKeyUsageEncrypt;
+ } else {
+ keyReq->keyUsage = xmlSecKeyUsageDecrypt;
+ }
+
+ keyReq->keyBitsSize = xmlSecNssKeyWrapGetKeySize( transform ) ;
+
+ return(0);
+}
+
+static int
+xmlSecNssKeyWrapSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
+ xmlSecNssKeyWrapCtxPtr context = NULL ;
+ xmlSecKeyDataPtr keyData = NULL ;
+ PK11SymKey* symkey = NULL ;
+
+ xmlSecAssert2(xmlSecNssKeyWrapCheckId(transform), -1);
+ xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyWrapSize), -1);
+ xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
+ xmlSecAssert2(key != NULL, -1);
+
+ context = xmlSecNssKeyWrapGetCtx( transform ) ;
+ if( context == NULL || context->keyId == NULL || context->symkey != NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ "xmlSecNssKeyWrapGetCtx" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+ xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ;
+
+ keyData = xmlSecKeyGetValue( key ) ;
+ if( keyData == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) ,
+ "xmlSecKeyGetValue" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ if( ( symkey = xmlSecNssSymKeyDataGetKey( keyData ) ) == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) ,
+ "xmlSecNssSymKeyDataGetKey" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ context->symkey = symkey ;
+
+ return(0) ;
+}
+
+/**
+ * key wrap transform
+ */
+static int
+xmlSecNssKeyWrapCtxInit(
+ xmlSecNssKeyWrapCtxPtr ctx ,
+ xmlSecBufferPtr in ,
+ xmlSecBufferPtr out ,
+ int encrypt ,
+ xmlSecTransformCtxPtr transformCtx
+) {
+ xmlSecSize blockSize ;
+
+ xmlSecAssert2( ctx != NULL , -1 ) ;
+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
+ xmlSecAssert2( in != NULL , -1 ) ;
+ xmlSecAssert2( out != NULL , -1 ) ;
+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
+
+ if( ctx->material != NULL ) {
+ xmlSecBufferDestroy( ctx->material ) ;
+ ctx->material = NULL ;
+ }
+
+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "PK11_GetBlockSize" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ ctx->material = xmlSecBufferCreate( blockSize ) ;
+ if( ctx->material == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferCreate" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ /* read raw key material into context */
+ if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferSetData" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferRemoveHead" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ return(0);
+}
+
+/**
+ * key wrap transform update
+ */
+static int
+xmlSecNssKeyWrapCtxUpdate(
+ xmlSecNssKeyWrapCtxPtr ctx ,
+ xmlSecBufferPtr in ,
+ xmlSecBufferPtr out ,
+ int encrypt ,
+ xmlSecTransformCtxPtr transformCtx
+) {
+ xmlSecAssert2( ctx != NULL , -1 ) ;
+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
+ xmlSecAssert2( ctx->material != NULL , -1 ) ;
+ xmlSecAssert2( in != NULL , -1 ) ;
+ xmlSecAssert2( out != NULL , -1 ) ;
+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
+
+ /* read raw key material and append into context */
+ if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferAppend" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferRemoveHead" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ return(0);
+}
+
+static int
+xmlSecNssKWDes3BufferReverse(xmlSecByte *buf, xmlSecSize size) {
+ xmlSecSize s;
+ xmlSecSize i;
+ xmlSecByte c;
+
+ xmlSecAssert2(buf != NULL, -1);
+
+ s = size / 2;
+ --size;
+ for(i = 0; i < s; ++i) {
+ c = buf[i];
+ buf[i] = buf[size - i];
+ buf[size - i] = c;
+ }
+ return(0);
+}
+
+static xmlSecByte *
+xmlSecNssComputeSHA1(const xmlSecByte *in, xmlSecSize inSize,
+ xmlSecByte *out, xmlSecSize outSize)
+{
+ PK11Context *context = NULL;
+ SECStatus s;
+ xmlSecByte *digest = NULL;
+ unsigned int len;
+
+ xmlSecAssert2(in != NULL, NULL);
+ xmlSecAssert2(out != NULL, NULL);
+ xmlSecAssert2(outSize >= SHA1_LENGTH, NULL);
+
+ /* Create a context for hashing (digesting) */
+ context = PK11_CreateDigestContext(SEC_OID_SHA1);
+ if (context == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_CreateDigestContext",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code = %d", PORT_GetError());
+ goto done;
+ }
+
+ s = PK11_DigestBegin(context);
+ if (s != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_DigestBegin",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code = %d", PORT_GetError());
+ goto done;
+ }
+
+ s = PK11_DigestOp(context, in, inSize);
+ if (s != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_DigestOp",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code = %d", PORT_GetError());
+ goto done;
+ }
+
+ s = PK11_DigestFinal(context, out, &len, outSize);
+ if (s != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_DigestFinal",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code = %d", PORT_GetError());
+ goto done;
+ }
+ xmlSecAssert2(len == SHA1_LENGTH, NULL);
+
+ digest = out;
+
+done:
+ if (context != NULL) {
+ PK11_DestroyContext(context, PR_TRUE);
+ }
+ return (digest);
+}
+
+static int
+xmlSecNssKWDes3Encrypt(
+ PK11SymKey* symKey ,
+ CK_MECHANISM_TYPE cipherMech ,
+ const xmlSecByte* iv ,
+ xmlSecSize ivSize ,
+ const xmlSecByte* in ,
+ xmlSecSize inSize ,
+ xmlSecByte* out ,
+ xmlSecSize outSize ,
+ int enc
+) {
+ PK11Context* EncContext = NULL;
+ SECItem ivItem ;
+ SECItem* secParam = NULL ;
+ int tmp1_outlen;
+ unsigned int tmp2_outlen;
+ int result_len = -1;
+ SECStatus rv;
+
+ xmlSecAssert2( cipherMech != CKM_INVALID_MECHANISM , -1 ) ;
+ xmlSecAssert2( symKey != NULL , -1 ) ;
+ xmlSecAssert2(iv != NULL, -1);
+ xmlSecAssert2(ivSize == XMLSEC_NSS_DES3_IV_LENGTH, -1);
+ xmlSecAssert2(in != NULL, -1);
+ xmlSecAssert2(inSize > 0, -1);
+ xmlSecAssert2(out != NULL, -1);
+ xmlSecAssert2(outSize >= inSize, -1);
+
+ /* Prepare IV */
+ ivItem.data = ( unsigned char* )iv ;
+ ivItem.len = ivSize ;
+
+ secParam = PK11_ParamFromIV(cipherMech, &ivItem);
+ if (secParam == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_ParamFromIV",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "Error code = %d", PORT_GetError());
+ goto done;
+ }
+
+ EncContext = PK11_CreateContextBySymKey(cipherMech,
+ enc ? CKA_ENCRYPT : CKA_DECRYPT,
+ symKey, secParam);
+ if (EncContext == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_CreateContextBySymKey",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "Error code = %d", PORT_GetError());
+ goto done;
+ }
+
+ tmp1_outlen = tmp2_outlen = 0;
+ rv = PK11_CipherOp(EncContext, out, &tmp1_outlen, outSize,
+ (unsigned char *)in, inSize);
+ if (rv != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_CipherOp",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "Error code = %d", PORT_GetError());
+ goto done;
+ }
+
+ rv = PK11_DigestFinal(EncContext, out+tmp1_outlen,
+ &tmp2_outlen, outSize-tmp1_outlen);
+ if (rv != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_DigestFinal",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "Error code = %d", PORT_GetError());
+ goto done;
+ }
+
+ result_len = tmp1_outlen + tmp2_outlen;
+
+done:
+ if (secParam) {
+ SECITEM_FreeItem(secParam, PR_TRUE);
+ }
+ if (EncContext) {
+ PK11_DestroyContext(EncContext, PR_TRUE);
+ }
+
+ return(result_len);
+}
+
+static int
+xmlSecNssKeyWrapDesOp(
+ xmlSecNssKeyWrapCtxPtr ctx ,
+ int encrypt ,
+ xmlSecBufferPtr result
+) {
+ xmlSecByte sha1[SHA1_LENGTH];
+ xmlSecByte iv[XMLSEC_NSS_DES3_IV_LENGTH];
+ xmlSecByte* in;
+ xmlSecSize inSize;
+ xmlSecByte* out;
+ xmlSecSize outSize;
+ xmlSecSize s;
+ int ret;
+ SECStatus status;
+
+ xmlSecAssert2( ctx != NULL , -1 ) ;
+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
+ xmlSecAssert2( ctx->material != NULL , -1 ) ;
+ xmlSecAssert2( result != NULL , -1 ) ;
+
+ in = xmlSecBufferGetData(ctx->material);
+ inSize = xmlSecBufferGetSize(ctx->material) ;
+ out = xmlSecBufferGetData(result);
+ outSize = xmlSecBufferGetMaxSize(result) ;
+ if( encrypt ) {
+ /* step 2: calculate sha1 and CMS */
+ if(xmlSecNssComputeSHA1(in, inSize, sha1, SHA1_LENGTH) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssComputeSHA1",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* step 3: construct WKCKS */
+ memcpy(out, in, inSize);
+ memcpy(out + inSize, sha1, XMLSEC_NSS_DES3_BLOCK_LENGTH);
+
+ /* step 4: generate random iv */
+ status = PK11_GenerateRandom(iv, XMLSEC_NSS_DES3_IV_LENGTH);
+ if(status != SECSuccess) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "PK11_GenerateRandom",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ "error code = %d", PORT_GetError());
+ return(-1);
+ }
+
+ /* step 5: first encryption, result is TEMP1 */
+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
+ iv, XMLSEC_NSS_DES3_IV_LENGTH,
+ out, inSize + XMLSEC_NSS_DES3_IV_LENGTH,
+ out, outSize, 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssKWDes3Encrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* step 6: construct TEMP2=IV || TEMP1 */
+ memmove(out + XMLSEC_NSS_DES3_IV_LENGTH, out,
+ inSize + XMLSEC_NSS_DES3_IV_LENGTH);
+ memcpy(out, iv, XMLSEC_NSS_DES3_IV_LENGTH);
+ s = ret + XMLSEC_NSS_DES3_IV_LENGTH;
+
+ /* step 7: reverse octets order, result is TEMP3 */
+ ret = xmlSecNssKWDes3BufferReverse(out, s);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssKWDes3BufferReverse",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* step 8: second encryption with static IV */
+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
+ xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH,
+ out, s,
+ out, outSize, 1);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssKWDes3Encrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ s = ret;
+
+ if( xmlSecBufferSetSize( result , s ) < 0 ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ } else {
+ /* step 2: first decryption with static IV, result is TEMP3 */
+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
+ xmlSecNssKWDes3Iv, XMLSEC_NSS_DES3_IV_LENGTH,
+ in, inSize,
+ out, outSize, 0);
+ if((ret < 0) || (ret < XMLSEC_NSS_DES3_IV_LENGTH)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssKWDes3Encrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ s = ret;
+
+ /* step 3: reverse octets order in TEMP3, result is TEMP2 */
+ ret = xmlSecNssKWDes3BufferReverse(out, s);
+ if(ret < 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssKWDes3BufferReverse",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ /* steps 4 and 5: get IV and decrypt second time, result is WKCKS */
+ ret = xmlSecNssKWDes3Encrypt( ctx->symkey, ctx->cipher,
+ out, XMLSEC_NSS_DES3_IV_LENGTH,
+ out+XMLSEC_NSS_DES3_IV_LENGTH, s-XMLSEC_NSS_DES3_IV_LENGTH,
+ out, outSize, 0);
+ if((ret < 0) || (ret < XMLSEC_NSS_DES3_BLOCK_LENGTH)) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssKWDes3Encrypt",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ s = ret - XMLSEC_NSS_DES3_IV_LENGTH;
+
+ /* steps 6 and 7: calculate SHA1 and validate it */
+ if(xmlSecNssComputeSHA1(out, s, sha1, SHA1_LENGTH) == NULL) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecNssComputeSHA1",
+ XMLSEC_ERRORS_R_CRYPTO_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+
+ if(memcmp(sha1, out + s, XMLSEC_NSS_DES3_BLOCK_LENGTH) != 0) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ NULL,
+ XMLSEC_ERRORS_R_INVALID_DATA,
+ "SHA1 does not match");
+ return(-1);
+ }
+
+ if( xmlSecBufferSetSize( result , s ) < 0 ) {
+ xmlSecError(XMLSEC_ERRORS_HERE,
+ NULL,
+ "xmlSecBufferSetSize",
+ XMLSEC_ERRORS_R_XMLSEC_FAILED,
+ XMLSEC_ERRORS_NO_MESSAGE);
+ return(-1);
+ }
+ }
+
+ return(0);
+}
+
+static int
+xmlSecNssKeyWrapAesOp(
+ xmlSecNssKeyWrapCtxPtr ctx ,
+ int encrypt ,
+ xmlSecBufferPtr result
+) {
+ PK11Context* cipherCtx = NULL;
+ SECItem ivItem ;
+ SECItem* secParam = NULL ;
+ xmlSecSize inSize ;
+ xmlSecSize inBlocks ;
+ int blockSize ;
+ int midSize ;
+ int finSize ;
+ xmlSecByte* out ;
+ xmlSecSize outSize;
+
+ xmlSecAssert2( ctx != NULL , -1 ) ;
+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
+ xmlSecAssert2( ctx->material != NULL , -1 ) ;
+ xmlSecAssert2( result != NULL , -1 ) ;
+
+ /* Do not set any IV */
+ memset(&ivItem, 0, sizeof(ivItem));
+
+ /* Get block size */
+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "PK11_GetBlockSize" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ inSize = xmlSecBufferGetSize( ctx->material ) ;
+ if( xmlSecBufferSetMaxSize( result , inSize + blockSize ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferSetMaxSize" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ /* Get Param for context initialization */
+ if( ( secParam = PK11_ParamFromIV( ctx->cipher , &ivItem ) ) == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "PK11_ParamFromIV" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ cipherCtx = PK11_CreateContextBySymKey( ctx->cipher , encrypt ? CKA_ENCRYPT : CKA_DECRYPT , ctx->symkey , secParam ) ;
+ if( cipherCtx == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "PK11_CreateContextBySymKey" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ SECITEM_FreeItem( secParam , PR_TRUE ) ;
+ return(-1);
+ }
+
+ out = xmlSecBufferGetData(result) ;
+ outSize = xmlSecBufferGetMaxSize(result) ;
+ if( PK11_CipherOp( cipherCtx , out, &midSize , outSize , xmlSecBufferGetData( ctx->material ) , inSize ) != SECSuccess ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "PK11_CipherOp" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ if( PK11_DigestFinal( cipherCtx , out + midSize , &finSize , outSize - midSize ) != SECSuccess ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "PK11_DigestFinal" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ if( xmlSecBufferSetSize( result , midSize + finSize ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferSetSize" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ return 0 ;
+}
+
+/**
+ * Block cipher transform final
+ */
+static int
+xmlSecNssKeyWrapCtxFinal(
+ xmlSecNssKeyWrapCtxPtr ctx ,
+ xmlSecBufferPtr in ,
+ xmlSecBufferPtr out ,
+ int encrypt ,
+ xmlSecTransformCtxPtr transformCtx
+) {
+ PK11SymKey* targetKey ;
+ xmlSecSize blockSize ;
+ xmlSecBufferPtr result ;
+
+ xmlSecAssert2( ctx != NULL , -1 ) ;
+ xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ;
+ xmlSecAssert2( ctx->symkey != NULL , -1 ) ;
+ xmlSecAssert2( ctx->keyId != NULL , -1 ) ;
+ xmlSecAssert2( ctx->material != NULL , -1 ) ;
+ xmlSecAssert2( in != NULL , -1 ) ;
+ xmlSecAssert2( out != NULL , -1 ) ;
+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
+
+ /* read raw key material and append into context */
+ if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferAppend" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferRemoveHead" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ /* Now we get all of the key materail */
+ /* from now on we will wrap or unwrap the key */
+ if( ( blockSize = PK11_GetBlockSize( ctx->cipher , NULL ) ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "PK11_GetBlockSize" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ result = xmlSecBufferCreate( blockSize ) ;
+ if( result == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferCreate" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ switch( ctx->cipher ) {
+ case CKM_DES3_CBC :
+ if( xmlSecNssKeyWrapDesOp(ctx, encrypt, result) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecNssKeyWrapDesOp" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecBufferDestroy(result);
+ return(-1);
+ }
+ break ;
+ /* case CKM_NETSCAPE_AES_KEY_WRAP :*/
+ case CKM_AES_CBC :
+ if( xmlSecNssKeyWrapAesOp(ctx, encrypt, result) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecNssKeyWrapAesOp" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecBufferDestroy(result);
+ return(-1);
+ }
+ break ;
+ }
+
+ /* Write output */
+ if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ "xmlSecBufferAppend" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecBufferDestroy(result);
+ return(-1);
+ }
+ xmlSecBufferDestroy(result);
+
+ return(0);
+}
+
+static int
+xmlSecNssKeyWrapExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
+ xmlSecNssKeyWrapCtxPtr context = NULL ;
+ xmlSecBufferPtr inBuf, outBuf ;
+ int operation ;
+ int rtv ;
+
+ xmlSecAssert2( xmlSecNssKeyWrapCheckId( transform ), -1 ) ;
+ xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyWrapSize ), -1 ) ;
+ xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ;
+ xmlSecAssert2( transformCtx != NULL , -1 ) ;
+
+ context = xmlSecNssKeyWrapGetCtx( transform ) ;
+ if( context == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ "xmlSecNssKeyWrapGetCtx" ,
+ XMLSEC_ERRORS_R_CRYPTO_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ inBuf = &( transform->inBuf ) ;
+ outBuf = &( transform->outBuf ) ;
+
+ if( transform->status == xmlSecTransformStatusNone ) {
+ transform->status = xmlSecTransformStatusWorking ;
+ }
+
+ operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ;
+ if( transform->status == xmlSecTransformStatusWorking ) {
+ if( context->material == NULL ) {
+ rtv = xmlSecNssKeyWrapCtxInit( context, inBuf , outBuf , operation , transformCtx ) ;
+ if( rtv < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ "xmlSecNssKeyWrapCtxInit" ,
+ XMLSEC_ERRORS_R_INVALID_STATUS ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+ }
+
+ if( context->material == NULL && last != 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ NULL ,
+ XMLSEC_ERRORS_R_INVALID_STATUS ,
+ "No enough data to intialize transform" ) ;
+ return(-1);
+ }
+
+ if( context->material != NULL ) {
+ rtv = xmlSecNssKeyWrapCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ;
+ if( rtv < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ "xmlSecNssKeyWrapCtxUpdate" ,
+ XMLSEC_ERRORS_R_INVALID_STATUS ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+ }
+
+ if( last ) {
+ rtv = xmlSecNssKeyWrapCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ;
+ if( rtv < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ "xmlSecNssKeyWrapCtxFinal" ,
+ XMLSEC_ERRORS_R_INVALID_STATUS ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+ transform->status = xmlSecTransformStatusFinished ;
+ }
+ } else if( transform->status == xmlSecTransformStatusFinished ) {
+ if( xmlSecBufferGetSize( inBuf ) != 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ NULL ,
+ XMLSEC_ERRORS_R_INVALID_STATUS ,
+ "status=%d", transform->status ) ;
+ return(-1);
+ }
+ } else {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) ,
+ NULL ,
+ XMLSEC_ERRORS_R_INVALID_STATUS ,
+ "status=%d", transform->status ) ;
+ return(-1);
+ }
+
+ return(0);
+}
+
+#ifndef XMLSEC_NO_AES
+
+
+#ifdef __MINGW32__ // for runtime-pseudo-reloc
+static struct _xmlSecTransformKlass xmlSecNssKWAes128Klass = {
+#else
+static xmlSecTransformKlass xmlSecNssKWAes128Klass = {
+#endif
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
+
+ xmlSecNameKWAes128, /* const xmlChar* name; */
+ xmlSecHrefKWAes128, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+#ifdef __MINGW32__ // for runtime-pseudo-reloc
+static struct _xmlSecTransformKlass xmlSecNssKWAes192Klass = {
+#else
+static xmlSecTransformKlass xmlSecNssKWAes192Klass = {
+#endif
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
+
+ xmlSecNameKWAes192, /* const xmlChar* name; */
+ xmlSecHrefKWAes192, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+#ifdef __MINGW32__ // for runtime-pseudo-reloc
+static struct _xmlSecTransformKlass xmlSecNssKWAes256Klass = {
+#else
+static xmlSecTransformKlass xmlSecNssKWAes256Klass = {
+#endif
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
+
+ xmlSecNameKWAes256, /* const xmlChar* name; */
+ xmlSecHrefKWAes256, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformKWAes128GetKlass:
+ *
+ * The AES-128 key wrapper transform klass.
+ *
+ * Returns AES-128 key wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformKWAes128GetKlass(void) {
+ return(&xmlSecNssKWAes128Klass);
+}
+
+/**
+ * xmlSecNssTransformKWAes192GetKlass:
+ *
+ * The AES-192 key wrapper transform klass.
+ *
+ * Returns AES-192 key wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformKWAes192GetKlass(void) {
+ return(&xmlSecNssKWAes192Klass);
+}
+
+/**
+ *
+ * The AES-256 key wrapper transform klass.
+ *
+ * Returns AES-256 key wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformKWAes256GetKlass(void) {
+ return(&xmlSecNssKWAes256Klass);
+}
+
+#endif /* XMLSEC_NO_AES */
+
+
+#ifndef XMLSEC_NO_DES
+
+#ifdef __MINGW32__ // for runtime-pseudo-reloc
+static struct _xmlSecTransformKlass xmlSecNssKWDes3Klass = {
+#else
+static xmlSecTransformKlass xmlSecNssKWDes3Klass = {
+#endif
+ /* klass/object sizes */
+ sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */
+ xmlSecNssKeyWrapSize, /* xmlSecSize objSize */
+
+ xmlSecNameKWDes3, /* const xmlChar* name; */
+ xmlSecHrefKWDes3, /* const xmlChar* href; */
+ xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */
+
+ xmlSecNssKeyWrapInitialize, /* xmlSecTransformInitializeMethod initialize; */
+ xmlSecNssKeyWrapFinalize, /* xmlSecTransformFinalizeMethod finalize; */
+ NULL, /* xmlSecTransformNodeReadMethod readNode; */
+ NULL, /* xmlSecTransformNodeWriteMethod writeNode; */
+ xmlSecNssKeyWrapSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */
+ xmlSecNssKeyWrapSetKey, /* xmlSecTransformSetKeyMethod setKey; */
+ NULL, /* xmlSecTransformValidateMethod validate; */
+ xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */
+ xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */
+ xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */
+ NULL, /* xmlSecTransformPushXmlMethod pushXml; */
+ NULL, /* xmlSecTransformPopXmlMethod popXml; */
+ xmlSecNssKeyWrapExecute, /* xmlSecTransformExecuteMethod execute; */
+
+ NULL, /* void* reserved0; */
+ NULL, /* void* reserved1; */
+};
+
+/**
+ * xmlSecNssTransformKWDes3GetKlass:
+ *
+ * The Triple DES key wrapper transform klass.
+ *
+ * Returns Triple DES key wrapper transform klass.
+ */
+xmlSecTransformId
+xmlSecNssTransformKWDes3GetKlass(void) {
+ return(&xmlSecNssKWDes3Klass);
+}
+
+#endif /* XMLSEC_NO_DES */
+
diff --git a/libxmlsec/src/tokens.c b/libxmlsec/src/tokens.c
new file mode 100644
index 000000000000..8f2a4f890339
--- /dev/null
+++ b/libxmlsec/src/tokens.c
@@ -0,0 +1,548 @@
+/**
+ * XMLSec library
+ *
+ * This is free software; see Copyright file in the source
+ * distribution for preciese wording.
+ *
+ * Copyright..................................
+ *
+ * Contributor(s): _____________________________
+ *
+ */
+
+/**
+ * In order to ensure that particular crypto operation is performed on
+ * particular crypto device, a subclass of xmlSecList is used to store slot and
+ * mechanism information.
+ *
+ * In the list, a slot is bound with a mechanism. If the mechanism is available,
+ * this mechanism only can perform on the slot; otherwise, it can perform on
+ * every eligibl slot in the list.
+ *
+ * When try to find a slot for a particular mechanism, the slot bound with
+ * avaliable mechanism will be looked up firstly.
+ */
+#include "globals.h"
+#include <string.h>
+
+#include <xmlsec/xmlsec.h>
+#include <xmlsec/errors.h>
+#include <xmlsec/list.h>
+
+#include <xmlsec/nss/tokens.h>
+
+int
+xmlSecNssKeySlotSetMechList(
+ xmlSecNssKeySlotPtr keySlot ,
+ CK_MECHANISM_TYPE_PTR mechanismList
+) {
+ int counter ;
+
+ xmlSecAssert2( keySlot != NULL , -1 ) ;
+
+ if( keySlot->mechanismList != CK_NULL_PTR ) {
+ xmlFree( keySlot->mechanismList ) ;
+
+ for( counter = 0 ; *( mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
+ keySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
+ if( keySlot->mechanismList == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ NULL ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return( -1 );
+ }
+ for( ; counter >= 0 ; counter -- )
+ *( keySlot->mechanismList + counter ) = *( mechanismList + counter ) ;
+ }
+
+ return( 0 );
+}
+
+int
+xmlSecNssKeySlotEnableMech(
+ xmlSecNssKeySlotPtr keySlot ,
+ CK_MECHANISM_TYPE mechanism
+) {
+ int counter ;
+ CK_MECHANISM_TYPE_PTR newList ;
+
+ xmlSecAssert2( keySlot != NULL , -1 ) ;
+
+ if( mechanism != CKM_INVALID_MECHANISM ) {
+ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
+ newList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
+ if( newList == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ NULL ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return( -1 );
+ }
+ *( newList + counter + 1 ) = CKM_INVALID_MECHANISM ;
+ *( newList + counter ) = mechanism ;
+ for( counter -= 1 ; counter >= 0 ; counter -- )
+ *( newList + counter ) = *( keySlot->mechanismList + counter ) ;
+
+ xmlFree( keySlot->mechanismList ) ;
+ keySlot->mechanismList = newList ;
+ }
+
+ return(0);
+}
+
+int
+xmlSecNssKeySlotDisableMech(
+ xmlSecNssKeySlotPtr keySlot ,
+ CK_MECHANISM_TYPE mechanism
+) {
+ int counter ;
+
+ xmlSecAssert2( keySlot != NULL , -1 ) ;
+
+ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
+ if( *( keySlot->mechanismList + counter ) == mechanism ) {
+ for( ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
+ *( keySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter + 1 ) ;
+ }
+
+ break ;
+ }
+ }
+
+ return(0);
+}
+
+CK_MECHANISM_TYPE_PTR
+xmlSecNssKeySlotGetMechList(
+ xmlSecNssKeySlotPtr keySlot
+) {
+ if( keySlot != NULL )
+ return keySlot->mechanismList ;
+ else
+ return NULL ;
+}
+
+int
+xmlSecNssKeySlotSetSlot(
+ xmlSecNssKeySlotPtr keySlot ,
+ PK11SlotInfo* slot
+) {
+ xmlSecAssert2( keySlot != NULL , -1 ) ;
+
+ if( slot != NULL && keySlot->slot != slot ) {
+ if( keySlot->slot != NULL )
+ PK11_FreeSlot( keySlot->slot ) ;
+
+ if( keySlot->mechanismList != NULL ) {
+ xmlFree( keySlot->mechanismList ) ;
+ keySlot->mechanismList = NULL ;
+ }
+
+ keySlot->slot = PK11_ReferenceSlot( slot ) ;
+ }
+
+ return(0);
+}
+
+int
+xmlSecNssKeySlotInitialize(
+ xmlSecNssKeySlotPtr keySlot ,
+ PK11SlotInfo* slot
+) {
+ xmlSecAssert2( keySlot != NULL , -1 ) ;
+ xmlSecAssert2( keySlot->slot == NULL , -1 ) ;
+ xmlSecAssert2( keySlot->mechanismList == NULL , -1 ) ;
+
+ if( slot != NULL ) {
+ keySlot->slot = PK11_ReferenceSlot( slot ) ;
+ }
+
+ return(0);
+}
+
+void
+xmlSecNssKeySlotFinalize(
+ xmlSecNssKeySlotPtr keySlot
+) {
+ xmlSecAssert( keySlot != NULL ) ;
+
+ if( keySlot->mechanismList != NULL ) {
+ xmlFree( keySlot->mechanismList ) ;
+ keySlot->mechanismList = NULL ;
+ }
+
+ if( keySlot->slot != NULL ) {
+ PK11_FreeSlot( keySlot->slot ) ;
+ keySlot->slot = NULL ;
+ }
+
+}
+
+PK11SlotInfo*
+xmlSecNssKeySlotGetSlot(
+ xmlSecNssKeySlotPtr keySlot
+) {
+ if( keySlot != NULL )
+ return keySlot->slot ;
+ else
+ return NULL ;
+}
+
+xmlSecNssKeySlotPtr
+xmlSecNssKeySlotCreate() {
+ xmlSecNssKeySlotPtr keySlot ;
+
+ /* Allocates a new xmlSecNssKeySlot and fill the fields */
+ keySlot = ( xmlSecNssKeySlotPtr )xmlMalloc( sizeof( xmlSecNssKeySlot ) ) ;
+ if( keySlot == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ NULL ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return( NULL );
+ }
+ memset( keySlot, 0, sizeof( xmlSecNssKeySlot ) ) ;
+
+ return( keySlot ) ;
+}
+
+int
+xmlSecNssKeySlotCopy(
+ xmlSecNssKeySlotPtr newKeySlot ,
+ xmlSecNssKeySlotPtr keySlot
+) {
+ CK_MECHANISM_TYPE_PTR mech ;
+ int counter ;
+
+ xmlSecAssert2( newKeySlot != NULL , -1 ) ;
+ xmlSecAssert2( keySlot != NULL , -1 ) ;
+
+ if( keySlot->slot != NULL && newKeySlot->slot != keySlot->slot ) {
+ if( newKeySlot->slot != NULL )
+ PK11_FreeSlot( newKeySlot->slot ) ;
+
+ newKeySlot->slot = PK11_ReferenceSlot( keySlot->slot ) ;
+ }
+
+ if( keySlot->mechanismList != CK_NULL_PTR ) {
+ xmlFree( newKeySlot->mechanismList ) ;
+
+ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) ;
+ newKeySlot->mechanismList = ( CK_MECHANISM_TYPE_PTR )xmlMalloc( ( counter + 1 ) * sizeof( CK_MECHANISM_TYPE ) ) ;
+ if( newKeySlot->mechanismList == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ NULL ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return( -1 );
+ }
+ for( ; counter >= 0 ; counter -- )
+ *( newKeySlot->mechanismList + counter ) = *( keySlot->mechanismList + counter ) ;
+ }
+
+ return( 0 );
+}
+
+xmlSecNssKeySlotPtr
+xmlSecNssKeySlotDuplicate(
+ xmlSecNssKeySlotPtr keySlot
+) {
+ xmlSecNssKeySlotPtr newKeySlot ;
+ int ret ;
+
+ xmlSecAssert2( keySlot != NULL , NULL ) ;
+
+ newKeySlot = xmlSecNssKeySlotCreate() ;
+ if( newKeySlot == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ NULL ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return( NULL );
+ }
+
+ if( xmlSecNssKeySlotCopy( newKeySlot, keySlot ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ NULL ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return( NULL );
+ }
+
+ return( newKeySlot );
+}
+
+void
+xmlSecNssKeySlotDestroy(
+ xmlSecNssKeySlotPtr keySlot
+) {
+ xmlSecAssert( keySlot != NULL ) ;
+
+ if( keySlot->mechanismList != NULL )
+ xmlFree( keySlot->mechanismList ) ;
+
+ if( keySlot->slot != NULL )
+ PK11_FreeSlot( keySlot->slot ) ;
+
+ xmlFree( keySlot ) ;
+}
+
+int
+xmlSecNssKeySlotBindMech(
+ xmlSecNssKeySlotPtr keySlot ,
+ CK_MECHANISM_TYPE type
+) {
+ int counter ;
+
+ xmlSecAssert2( keySlot != NULL , 0 ) ;
+ xmlSecAssert2( keySlot->slot != NULL , 0 ) ;
+ xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ;
+
+ for( counter = 0 ; *( keySlot->mechanismList + counter ) != CKM_INVALID_MECHANISM ; counter ++ ) {
+ if( *( keySlot->mechanismList + counter ) == type )
+ return(1) ;
+ }
+
+ return( 0 ) ;
+}
+
+int
+xmlSecNssKeySlotSupportMech(
+ xmlSecNssKeySlotPtr keySlot ,
+ CK_MECHANISM_TYPE type
+) {
+ xmlSecAssert2( keySlot != NULL , 0 ) ;
+ xmlSecAssert2( keySlot->slot != NULL , 0 ) ;
+ xmlSecAssert2( type != CKM_INVALID_MECHANISM , 0 ) ;
+
+ if( PK11_DoesMechanism( keySlot->slot , type ) == PR_TRUE ) {
+ return(1);
+ } else
+ return(0);
+}
+
+void
+xmlSecNssKeySlotDebugDump(
+ xmlSecNssKeySlotPtr keySlot ,
+ FILE* output
+) {
+ xmlSecAssert( keySlot != NULL ) ;
+ xmlSecAssert( output != NULL ) ;
+
+ fprintf( output, "== KEY SLOT\n" );
+}
+
+void
+xmlSecNssKeySlotDebugXmlDump(
+ xmlSecNssKeySlotPtr keySlot ,
+ FILE* output
+) {
+}
+
+/**
+ * Key Slot List
+ */
+#ifdef __MINGW32__ // for runtime-pseudo-reloc
+static struct _xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = {
+#else
+static xmlSecPtrListKlass xmlSecNssKeySlotPtrListKlass = {
+#endif
+ BAD_CAST "mechanism-list",
+ (xmlSecPtrDuplicateItemMethod)xmlSecNssKeySlotDuplicate,
+ (xmlSecPtrDestroyItemMethod)xmlSecNssKeySlotDestroy,
+ (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugDump,
+ (xmlSecPtrDebugDumpItemMethod)xmlSecNssKeySlotDebugXmlDump,
+};
+
+xmlSecPtrListId
+xmlSecNssKeySlotListGetKlass(void) {
+ return(&xmlSecNssKeySlotPtrListKlass);
+}
+
+
+/*-
+ * Global PKCS#11 crypto token repository -- Key slot list
+ */
+static xmlSecPtrListPtr _xmlSecNssKeySlotList = NULL ;
+
+PK11SlotInfo*
+xmlSecNssSlotGet(
+ CK_MECHANISM_TYPE type
+) {
+ PK11SlotInfo* slot = NULL ;
+ xmlSecNssKeySlotPtr keySlot ;
+ xmlSecSize ksSize ;
+ xmlSecSize ksPos ;
+ char flag ;
+
+ if( _xmlSecNssKeySlotList == NULL ) {
+ slot = PK11_GetBestSlot( type , NULL ) ;
+ } else {
+ ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ;
+
+ /*-
+ * Firstly, checking whether the mechanism is bound with a special slot.
+ * If no bound slot, we try to find the first eligible slot in the list.
+ */
+ for( flag = 0, ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) {
+ keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ;
+ if( keySlot != NULL && xmlSecNssKeySlotBindMech( keySlot, type ) ) {
+ slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
+ flag = 2 ;
+ } else if( flag == 0 && xmlSecNssKeySlotSupportMech( keySlot, type ) ) {
+ slot = xmlSecNssKeySlotGetSlot( keySlot ) ;
+ flag = 1 ;
+ }
+
+ if( flag == 2 )
+ break ;
+ }
+ if( slot != NULL )
+ slot = PK11_ReferenceSlot( slot ) ;
+ }
+
+ if( slot != NULL && PK11_NeedLogin( slot ) ) {
+ if( PK11_Authenticate( slot , PR_TRUE , NULL ) != SECSuccess ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ NULL ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ PK11_FreeSlot( slot ) ;
+ return( NULL );
+ }
+ }
+
+ return slot ;
+}
+
+int
+xmlSecNssSlotInitialize(
+ void
+) {
+ if( _xmlSecNssKeySlotList != NULL ) {
+ xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ;
+ _xmlSecNssKeySlotList = NULL ;
+ }
+
+ _xmlSecNssKeySlotList = xmlSecPtrListCreate( xmlSecNssKeySlotListId ) ;
+ if( _xmlSecNssKeySlotList == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ NULL ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return( -1 );
+ }
+
+ return(0);
+}
+
+void
+xmlSecNssSlotShutdown(
+ void
+) {
+ if( _xmlSecNssKeySlotList != NULL ) {
+ xmlSecPtrListDestroy( _xmlSecNssKeySlotList ) ;
+ _xmlSecNssKeySlotList = NULL ;
+ }
+}
+
+int
+xmlSecNssSlotAdopt(
+ PK11SlotInfo* slot,
+ CK_MECHANISM_TYPE type
+) {
+ xmlSecNssKeySlotPtr keySlot ;
+ xmlSecSize ksSize ;
+ xmlSecSize ksPos ;
+ char flag ;
+
+ xmlSecAssert2( _xmlSecNssKeySlotList != NULL, -1 ) ;
+ xmlSecAssert2( slot != NULL, -1 ) ;
+
+ ksSize = xmlSecPtrListGetSize( _xmlSecNssKeySlotList ) ;
+
+ /*-
+ * Firstly, checking whether the slot is in the repository already.
+ */
+ flag = 0 ;
+ for( ksPos = 0 ; ksPos < ksSize ; ksPos ++ ) {
+ keySlot = ( xmlSecNssKeySlotPtr )xmlSecPtrListGetItem( _xmlSecNssKeySlotList, ksPos ) ;
+ /* If find the slot in the list */
+ if( keySlot != NULL && xmlSecNssKeySlotGetSlot( keySlot ) == slot ) {
+ /* If mechnism type is valid, bind the slot with the mechanism */
+ if( type != CKM_INVALID_MECHANISM ) {
+ if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ NULL ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+ }
+
+ flag = 1 ;
+ }
+ }
+
+ /* If the slot do not in the list, add a new item to the list */
+ if( flag == 0 ) {
+ /* Create a new KeySlot */
+ keySlot = xmlSecNssKeySlotCreate() ;
+ if( keySlot == NULL ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ NULL ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ return(-1);
+ }
+
+ /* Initialize the keySlot with a slot */
+ if( xmlSecNssKeySlotInitialize( keySlot, slot ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ NULL ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecNssKeySlotDestroy( keySlot ) ;
+ return(-1);
+ }
+
+ /* If mechnism type is valid, bind the slot with the mechanism */
+ if( type != CKM_INVALID_MECHANISM ) {
+ if( xmlSecNssKeySlotEnableMech( keySlot, type ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ NULL ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecNssKeySlotDestroy( keySlot ) ;
+ return(-1);
+ }
+ }
+
+ /* Add keySlot into the list */
+ if( xmlSecPtrListAdd( _xmlSecNssKeySlotList, keySlot ) < 0 ) {
+ xmlSecError( XMLSEC_ERRORS_HERE ,
+ NULL ,
+ NULL ,
+ XMLSEC_ERRORS_R_XMLSEC_FAILED ,
+ XMLSEC_ERRORS_NO_MESSAGE ) ;
+ xmlSecNssKeySlotDestroy( keySlot ) ;
+ return(-1);
+ }
+ }
+
+ return(0);
+}
+
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-21 23:46:46 +0000