int
xmlSecAppCryptoSimpleKeysMngrBinaryKeyLoad(xmlSecKeysMngrPtr mngr, const char* keyKlass, const char *filename, const char *name) {
xmlSecKeyPtr key;
xmlSecKeyDataId dataId;
int ret;
xmlSecAssert2(mngr != NULL, -1);
xmlSecAssert2(keyKlass != NULL, -1);
xmlSecAssert2(filename != NULL, -1);
/* find requested data */
dataId = xmlSecKeyDataIdListFindByName(xmlSecKeyDataIdsGet(), BAD_CAST keyKlass,
xmlSecKeyDataUsageAny);
if(dataId == xmlSecKeyDataIdUnknown) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeyDataIdListFindByName",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"name=%s",
xmlSecErrorsSafeString(keyKlass));
return(-1);
}
key = xmlSecKeyReadBinaryFile(dataId, filename);
if(key == NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeyReadBinaryFile",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
ret = xmlSecKeySetName(key, BAD_CAST name);
if(ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecKeySetName",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"name=%s",
xmlSecErrorsSafeString(name));
xmlSecKeyDestroy(key);
return(-1);
}
/* finally add it to keys manager */
ret = xmlSecCryptoAppDefaultKeysMngrAdoptKey(mngr, key);
if(ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
NULL,
"xmlSecCryptoAppDefaultKeysMngrAdoptKey",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlSecKeyDestroy(key);
return(-1);
}
return(0);
}
CAMLprim value xmlsecml_xmlSecKeyReadBinaryFile(value camlKeyDataId, value camlFileName)
{
CAMLparam2(camlKeyDataId, camlFileName);
xmlSecKeyDataId keyDataId = xmlSecKeyDataAesId;
char *filename = String_val(camlFileName);
xmlSecKeyPtr key = xmlSecKeyReadBinaryFile(keyDataId, filename);
assert(key!=NULL);
CAMLreturn(alloc_key(key));
}
/**
* load_des_keys:
* @files: the list of filenames.
* @files_size: the number of filenames in #files.
*
* Creates simple keys manager and load DES keys from #files in it.
* The caller is responsible for destroing returned keys manager using
* @xmlSecKeysMngrDestroy.
*
* Returns the pointer to newly created keys manager or NULL if an error
* occurs.
*/
xmlSecKeysMngrPtr
load_des_keys(char** files, int files_size) {
xmlSecKeysMngrPtr mngr;
xmlSecKeyPtr key;
int i;
assert(files);
assert(files_size > 0);
/* create and initialize keys manager, we use a simple list based
* keys manager, implement your own xmlSecKeysStore klass if you need
* something more sophisticated
*/
mngr = xmlSecKeysMngrCreate();
if(mngr == NULL) {
fprintf(stderr, "Error: failed to create keys manager.\n");
return(NULL);
}
if(xmlSecCryptoAppDefaultKeysMngrInit(mngr) < 0) {
fprintf(stderr, "Error: failed to initialize keys manager.\n");
xmlSecKeysMngrDestroy(mngr);
return(NULL);
}
for(i = 0; i < files_size; ++i) {
assert(files[i]);
/* load DES key */
key = xmlSecKeyReadBinaryFile(xmlSecKeyDataDesId, files[i]);
if(key == NULL) {
fprintf(stderr,"Error: failed to load des key from binary file \"%s\"\n", files[i]);
xmlSecKeysMngrDestroy(mngr);
return(NULL);
}
/* set key name to the file name, this is just an example! */
if(xmlSecKeySetName(key, BAD_CAST files[i]) < 0) {
fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", files[i]);
xmlSecKeyDestroy(key);
xmlSecKeysMngrDestroy(mngr);
return(NULL);
}
/* add key to keys manager, from now on keys manager is responsible
* for destroying key
*/
if(xmlSecCryptoAppDefaultKeysMngrAdoptKey(mngr, key) < 0) {
fprintf(stderr,"Error: failed to add key from \"%s\" to keys manager\n", files[i]);
xmlSecKeyDestroy(key);
xmlSecKeysMngrDestroy(mngr);
return(NULL);
}
}
return(mngr);
}
/**
* files_keys_store_find_key:
* @store: the pointer to simple keys store.
* @name: the desired key name.
* @keyInfoCtx: the pointer to <dsig:KeyInfo/> node processing context.
*
* Lookups key in the @store. The caller is responsible for destroying
* returned key with #xmlSecKeyDestroy function.
*
* Returns pointer to key or NULL if key not found or an error occurs.
*/
static xmlSecKeyPtr
files_keys_store_find_key(xmlSecKeyStorePtr store, const xmlChar* name, xmlSecKeyInfoCtxPtr keyInfoCtx) {
xmlSecKeyPtr key;
const xmlChar* p;
assert(store);
assert(keyInfoCtx);
/* it's possible to do not have the key name or desired key type
* but we could do nothing in this case */
if((name == NULL) || (keyInfoCtx->keyReq.keyId == xmlSecKeyDataIdUnknown)) {
return(NULL);
}
/* we don't want to open files in a folder other than "current";
* to prevent it limit the characters in the key name to alpha/digit,
* '.', '-' or '_'.
*/
for(p = name; (*p) != '\0'; ++p) {
if(!isalnum((*p)) && ((*p) != '.') && ((*p) != '-') && ((*p) != '_')) {
return(NULL);
}
}
if((keyInfoCtx->keyReq.keyId == xmlSecKeyDataDsaId) || (keyInfoCtx->keyReq.keyId == xmlSecKeyDataRsaId)) {
/* load key from a pem file, if key is not found then it's an error (is it?) */
key = xmlSecCryptoAppKeyLoad(name, xmlSecKeyDataFormatPem, NULL, NULL, NULL);
if(key == NULL) {
fprintf(stderr,"Error: failed to load public pem key from \"%s\"\n", name);
return(NULL);
}
} else {
/* otherwise it's a binary key, if key is not found then it's an error (is it?) */
key = xmlSecKeyReadBinaryFile(keyInfoCtx->keyReq.keyId, name);
if(key == NULL) {
fprintf(stderr,"Error: failed to load key from binary file \"%s\"\n", name);
return(NULL);
}
}
/* set key name */
if(xmlSecKeySetName(key, name) < 0) {
fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", name);
xmlSecKeyDestroy(key);
return(NULL);
}
return(key);
}
/**
* encrypt_file:
* @xml_file: the encryption template file name.
* @key_file: the Triple DES key file.
*
* Encrypts #xml_file using a dynamicaly created template and DES key from
* #key_file.
*
* Returns 0 on success or a negative value if an error occurs.
*/
int
encrypt_file(const char* xml_file, const char* key_file) {
xmlDocPtr doc = NULL;
xmlNodePtr encDataNode = NULL;
xmlNodePtr keyInfoNode = NULL;
xmlSecEncCtxPtr encCtx = NULL;
int res = -1;
assert(xml_file);
assert(key_file);
/* load template */
doc = xmlParseFile(xml_file);
if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
fprintf(stderr, "Error: unable to parse file \"%s\"\n", xml_file);
goto done;
}
/* create encryption template to encrypt XML file and replace
* its content with encryption result */
encDataNode = xmlSecTmplEncDataCreate(doc, xmlSecTransformDes3CbcId,
NULL, xmlSecTypeEncElement, NULL, NULL);
if(encDataNode == NULL) {
fprintf(stderr, "Error: failed to create encryption template\n");
goto done;
}
/* we want to put encrypted data in the <enc:CipherValue/> node */
if(xmlSecTmplEncDataEnsureCipherValue(encDataNode) == NULL) {
fprintf(stderr, "Error: failed to add CipherValue node\n");
goto done;
}
/* add <dsig:KeyInfo/> and <dsig:KeyName/> nodes to put key name in the signed document */
keyInfoNode = xmlSecTmplEncDataEnsureKeyInfo(encDataNode, NULL);
if(keyInfoNode == NULL) {
fprintf(stderr, "Error: failed to add key info\n");
goto done;
}
if(xmlSecTmplKeyInfoAddKeyName(keyInfoNode, NULL) == NULL) {
fprintf(stderr, "Error: failed to add key name\n");
goto done;
}
/* create encryption context, we don't need keys manager in this example */
encCtx = xmlSecEncCtxCreate(NULL);
if(encCtx == NULL) {
fprintf(stderr,"Error: failed to create encryption context\n");
goto done;
}
/* load DES key, assuming that there is not password */
encCtx->encKey = xmlSecKeyReadBinaryFile(xmlSecKeyDataDesId, key_file);
if(encCtx->encKey == NULL) {
fprintf(stderr,"Error: failed to load des key from binary file \"%s\"\n", key_file);
goto done;
}
/* set key name to the file name, this is just an example! */
if(xmlSecKeySetName(encCtx->encKey, key_file) < 0) {
fprintf(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
goto done;
}
/* encrypt the data */
if(xmlSecEncCtxXmlEncrypt(encCtx, encDataNode, xmlDocGetRootElement(doc)) < 0) {
fprintf(stderr,"Error: encryption failed\n");
goto done;
}
/* we template is inserted in the doc */
encDataNode = NULL;
/* print encrypted data with document to stdout */
xmlDocDump(stdout, doc);
/* success */
res = 0;
done:
/* cleanup */
if(encCtx != NULL) {
xmlSecEncCtxDestroy(encCtx);
}
if(encDataNode != NULL) {
xmlFreeNode(encDataNode);
}
if(doc != NULL) {
xmlFreeDoc(doc);
}
return(res);
}
/**
* encrypt_file:
* @tmpl_file: the encryption template file name.
* @key_file: the Triple DES key file.
* @data: the binary data to encrypt.
* @dataSize: the binary data size.
*
* Encrypts binary #data using template from #tmpl_file and DES key from
* #key_file.
*
* Returns 0 on success or a negative value if an error occurs.
*/
int
encrypt_file(const char* tmpl_file, const char* key_file,
const unsigned char* data, size_t dataSize) {
xmlDocPtr doc = NULL;
xmlNodePtr node = NULL;
xmlSecEncCtxPtr encCtx = NULL;
int res = -1;
assert(tmpl_file);
assert(key_file);
assert(data);
/* load template */
doc = xmlParseFile(tmpl_file);
if ((doc == NULL) || (xmlDocGetRootElement(doc) == NULL)){
printf_a_ignorar3(stderr, "Error: unable to parse file \"%s\"\n", tmpl_file);
goto done;
}
/* find start node */
node = xmlSecFindNode(xmlDocGetRootElement(doc), xmlSecNodeEncryptedData, xmlSecEncNs);
if(node == NULL) {
printf_a_ignorar3(stderr, "Error: start node not found in \"%s\"\n", tmpl_file);
goto done;
}
/* create encryption context, we don't need keys manager in this example */
encCtx = xmlSecEncCtxCreate(NULL);
if(encCtx == NULL) {
printf_a_ignorar3(stderr,"Error: failed to create encryption context\n");
goto done;
}
/* load DES key, assuming that there is not password */
encCtx->encKey = xmlSecKeyReadBinaryFile(xmlSecKeyDataDesId, key_file);
if(encCtx->encKey == NULL) {
printf_a_ignorar3(stderr,"Error: failed to load des key from binary file \"%s\"\n", key_file);
goto done;
}
/* set key name to the file name, this is just an example! */
if(xmlSecKeySetName(encCtx->encKey, key_file) < 0) {
printf_a_ignorar3(stderr,"Error: failed to set key name for key from \"%s\"\n", key_file);
goto done;
}
/* encrypt the data */
if(xmlSecEncCtxBinaryEncrypt(encCtx, node, data, dataSize) < 0) {
printf_a_ignorar3(stderr,"Error: encryption failed\n");
goto done;
}
/* print encrypted data with document to stdout */
xmlDocDump(stdout, doc);
/* success */
res = 0;
done:
/* cleanup */
if(encCtx != NULL) {
xmlSecEncCtxDestroy(encCtx);
}
if(doc != NULL) {
xmlFreeDoc(doc);
}
return(res);
}
