static int
xmlSecOpenSSLRsaOaepSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
xmlSecOpenSSLRsaOaepCtxPtr ctx;
EVP_PKEY* pKey;
RSA *rsa;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaOaepId), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLRsaOaepSize), -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecOpenSSLKeyDataRsaId), -1);
ctx = xmlSecOpenSSLRsaOaepGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->pKey == NULL, -1);
pKey = xmlSecOpenSSLKeyDataRsaGetEvp(xmlSecKeyGetValue(key));
if(pKey == NULL) {
xmlSecInternalError("xmlSecOpenSSLKeyDataRsaGetEvp",
xmlSecTransformGetName(transform));
return(-1);
}
xmlSecAssert2(EVP_PKEY_base_id(pKey) == EVP_PKEY_RSA, -1);
rsa = EVP_PKEY_get0_RSA(pKey);
xmlSecAssert2(rsa != NULL, -1);
ctx->pKey = xmlSecOpenSSLEvpKeyDup(pKey);
if(ctx->pKey == NULL) {
xmlSecInternalError("xmlSecOpenSSLEvpKeyDup",
xmlSecTransformGetName(transform));
return(-1);
}
return(0);
}
/**
* xmlSecBase64Decode:
* @str: the input buffer with base64 encoded string
* @buf: the output buffer
* @len: the output buffer size
*
* Decodes input base64 encoded string and puts result into
* the output buffer.
*
* Returns: the number of bytes written to the output buffer or
* a negative value if an error occurs
*/
int
xmlSecBase64Decode(const xmlChar* str, xmlSecByte *buf, xmlSecSize len) {
xmlSecBase64Ctx ctx;
int size_update;
int size_final;
int ret;
xmlSecAssert2(str != NULL, -1);
xmlSecAssert2(buf != NULL, -1);
ret = xmlSecBase64CtxInitialize(&ctx, 0, 0);
if(ret < 0) {
xmlSecInternalError("xmlSecBase64CtxInitialize", NULL);
return(-1);
}
ret = xmlSecBase64CtxUpdate(&ctx, (const xmlSecByte*)str, xmlStrlen(str), buf, len);
if(ret < 0) {
xmlSecInternalError("xmlSecBase64CtxUpdate", NULL);
xmlSecBase64CtxFinalize(&ctx);
return(-1);
}
size_update = ret;
ret = xmlSecBase64CtxFinal(&ctx, buf + size_update, len - size_update);
if(ret < 0) {
xmlSecInternalError("xmlSecBase64CtxFinal", NULL);
xmlSecBase64CtxFinalize(&ctx);
return(-1);
}
size_final = ret;
xmlSecBase64CtxFinalize(&ctx);
return(size_update + size_final);
}
int main()
{
int ret;
// OK
ret = foo();
if (ret < 0)
{
xmlSecInternalError("foo", NULL);
}
// OK
ret = outer(1, strlen("x"));
if (ret < 0)
{
xmlSecInternalError("outer", NULL);
}
// KO
ret = foo();
if (ret < 0)
{
xmlSecInternalError("bar", NULL);
}
}
/**
* xmlSecBase64CtxUpdate:
* @ctx: the pointer to #xmlSecBase64Ctx structure
* @in: the input buffer
* @inSize: the input buffer size
* @out: the output buffer
* @outSize: the output buffer size
*
* Encodes or decodes the next piece of data from input buffer.
*
* Returns: the number of bytes written to output buffer or
* -1 if an error occurs.
*/
int
xmlSecBase64CtxUpdate(xmlSecBase64CtxPtr ctx,
const xmlSecByte *in, xmlSecSize inSize,
xmlSecByte *out, xmlSecSize outSize) {
xmlSecSize inResSize = 0, outResSize = 0;
int ret;
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(in != NULL, -1);
xmlSecAssert2(out != NULL, -1);
if(ctx->encode != 0) {
ret = xmlSecBase64CtxEncode(ctx, in, inSize, &inResSize,
out, outSize, &outResSize);
if((ret < 0) || (inResSize != inSize)) {
xmlSecInternalError("xmlSecBase64CtxEncode", NULL);
return(-1);
}
} else {
ret = xmlSecBase64CtxDecode(ctx, in, inSize, &inResSize,
out, outSize, &outResSize);
if((ret < 0) || (inResSize != inSize)) {
xmlSecInternalError("xmlSecBase64CtxDecode", NULL);
return(-1);
}
}
return(outResSize);
}
/**
* xmlSecNssKeysMngrInit:
* @mngr: the pointer to keys manager.
*
* Adds NSS specific key data stores in keys manager.
*
* Returns: 0 on success or a negative value otherwise.
*/
int
xmlSecNssKeysMngrInit(xmlSecKeysMngrPtr mngr) {
int ret;
xmlSecAssert2(mngr != NULL, -1);
#ifndef XMLSEC_NO_X509
/* create x509 store if needed */
if(xmlSecKeysMngrGetDataStore(mngr, xmlSecNssX509StoreId) == NULL) {
xmlSecKeyDataStorePtr x509Store;
x509Store = xmlSecKeyDataStoreCreate(xmlSecNssX509StoreId);
if(x509Store == NULL) {
xmlSecInternalError("xmlSecKeyDataStoreCreate(xmlSecNssX509StoreId)", NULL);
return(-1);
}
ret = xmlSecKeysMngrAdoptDataStore(mngr, x509Store);
if(ret < 0) {
xmlSecInternalError("xmlSecKeysMngrAdoptDataStore", NULL);
xmlSecKeyDataStoreDestroy(x509Store);
return(-1);
}
}
#endif /* XMLSEC_NO_X509 */
return(0);
}
static int
xmlSecTransformXPointerNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
xmlSecPtrListPtr dataList;
xmlSecXPathDataPtr data;
xmlNodePtr cur;
int ret;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPointerId), -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
dataList = xmlSecXPathTransformGetDataList(transform);
xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1);
xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1);
/* there is only one required node */
cur = xmlSecGetNextElementNode(node->children);
if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeXPointer, xmlSecXPointerNs))) {
xmlSecInvalidNodeError(cur, xmlSecNodeXPointer,
xmlSecTransformGetName(transform));
return(-1);
}
/* read information from the node */
data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPointer);
if(data == NULL) {
xmlSecInternalError("xmlSecXPathDataCreate",
xmlSecTransformGetName(transform));
return(-1);
}
ret = xmlSecXPathDataNodeRead(data, cur);
if(ret < 0) {
xmlSecInternalError("xmlSecXPathDataNodeRead",
xmlSecTransformGetName(transform));
xmlSecXPathDataDestroy(data);
return(-1);
}
/* append it to the list */
ret = xmlSecPtrListAdd(dataList, data);
if(ret < 0) {
xmlSecInternalError("xmlSecPtrListAdd",
xmlSecTransformGetName(transform));
xmlSecXPathDataDestroy(data);
return(-1);
}
/* set correct node set type and operation */
data->nodeSetOp = xmlSecNodeSetIntersection;
data->nodeSetType = xmlSecNodeSetTree;
/* check that we have nothing else */
cur = xmlSecGetNextElementNode(cur->next);
if(cur != NULL) {
xmlSecUnexpectedNodeError(cur, xmlSecTransformGetName(transform));
return(-1);
}
return(0);
}
/**
* xmlSecTransformXPointerSetExpr:
* @transform: the pointer to XPointer transform.
* @expr: the XPointer expression.
* @nodeSetType: the type of evaluated XPointer expression.
* @hereNode: the pointer to "here" node.
*
* Sets the XPointer expression for an XPointer @transform.
*
* Returns: 0 on success or a negative value if an error occurs.
*/
int
xmlSecTransformXPointerSetExpr(xmlSecTransformPtr transform, const xmlChar* expr,
xmlSecNodeSetType nodeSetType, xmlNodePtr hereNode) {
xmlSecPtrListPtr dataList;
xmlSecXPathDataPtr data;
int ret;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPointerId), -1);
xmlSecAssert2(transform->hereNode == NULL, -1);
xmlSecAssert2(expr != NULL, -1);
xmlSecAssert2(hereNode != NULL, -1);
transform->hereNode = hereNode;
dataList = xmlSecXPathTransformGetDataList(transform);
xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1);
xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1);
data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPointer);
if(data == NULL) {
xmlSecInternalError("xmlSecXPathDataCreate",
xmlSecTransformGetName(transform));
return(-1);
}
ret = xmlSecXPathDataRegisterNamespaces(data, hereNode);
if(ret < 0) {
xmlSecInternalError("xmlSecXPathDataRegisterNamespaces",
xmlSecTransformGetName(transform));
xmlSecXPathDataDestroy(data);
return(-1);
}
ret = xmlSecXPathDataSetExpr(data, expr);
if(ret < 0) {
xmlSecInternalError("xmlSecXPathDataSetExpr",
xmlSecTransformGetName(transform));
xmlSecXPathDataDestroy(data);
return(-1);
}
/* append it to the list */
ret = xmlSecPtrListAdd(dataList, data);
if(ret < 0) {
xmlSecInternalError("xmlSecPtrListAdd",
xmlSecTransformGetName(transform));
xmlSecXPathDataDestroy(data);
return(-1);
}
/* set correct node set type and operation */
data->nodeSetOp = xmlSecNodeSetIntersection;
data->nodeSetType = nodeSetType;
return(0);
}
/**
* xmlSecBase64Encode:
* @buf: the input buffer.
* @len: the input buffer size.
* @columns: the output max line length (if 0 then no line breaks
* would be inserted)
*
* Encodes the data from input buffer and allocates the string for the result.
* The caller is responsible for freeing returned buffer using
* xmlFree() function.
*
* Returns: newly allocated string with base64 encoded data
* or NULL if an error occurs.
*/
xmlChar*
xmlSecBase64Encode(const xmlSecByte *buf, xmlSecSize len, int columns) {
xmlSecBase64Ctx ctx;
xmlChar *ptr;
xmlSecSize size;
int size_update, size_final;
int ret;
xmlSecAssert2(buf != NULL, NULL);
ret = xmlSecBase64CtxInitialize(&ctx, 1, columns);
if(ret < 0) {
xmlSecInternalError("xmlSecBase64CtxInitialize", NULL);
return(NULL);
}
/* create result buffer */
size = (4 * len) / 3 + 4;
if(columns > 0) {
size += (size / columns) + 4;
}
ptr = (xmlChar*) xmlMalloc(size);
if(ptr == NULL) {
xmlSecMallocError(size, NULL);
xmlSecBase64CtxFinalize(&ctx);
return(NULL);
}
ret = xmlSecBase64CtxUpdate(&ctx, buf, len, (xmlSecByte*)ptr, size);
if(ret < 0) {
xmlSecInternalError3("xmlSecBase64CtxUpdate", NULL,
"len=%lu;size=%lu",
(unsigned long)len, (unsigned long)size);
xmlFree(ptr);
xmlSecBase64CtxFinalize(&ctx);
return(NULL);
}
size_update = ret;
ret = xmlSecBase64CtxFinal(&ctx, ((xmlSecByte*)ptr) + size_update, size - size_update);
if(ret < 0) {
xmlSecInternalError("xmlSecBase64CtxFinal", NULL);
xmlFree(ptr);
xmlSecBase64CtxFinalize(&ctx);
return(NULL);
}
size_final = ret;
ptr[size_update + size_final] = '\0';
xmlSecBase64CtxFinalize(&ctx);
return(ptr);
}
/**
* xmlSecBase64CtxFinal:
* @ctx: the pointer to #xmlSecBase64Ctx structure
* @out: the output buffer
* @outSize: the output buffer size
*
* Encodes or decodes the last piece of data stored in the context
* and finalizes the result.
*
* Returns: the number of bytes written to output buffer or
* -1 if an error occurs.
*/
int
xmlSecBase64CtxFinal(xmlSecBase64CtxPtr ctx,
xmlSecByte *out, xmlSecSize outSize) {
xmlSecSize outResSize = 0;
int ret;
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(out != NULL, -1);
xmlSecAssert2(outSize > 0, -1);
if(ctx->encode != 0) {
ret = xmlSecBase64CtxEncodeFinal(ctx, out, outSize, &outResSize);
if(ret < 0) {
xmlSecInternalError2("xmlSecBase64CtxEncodeFinal", NULL, "outSize=%d", outSize);
return(-1);
}
} else {
if(!xmlSecBase64CtxDecodeIsFinished(ctx)) {
xmlSecInternalError("xmlSecBase64CtxIsFinished", NULL);
return(-1);
}
}
/* add \0 */
if((outResSize + 1) < outSize) {
out[outResSize] = '\0';
}
return(outResSize);
}
static int
xmlSecTransformXPathExecute(xmlSecTransformPtr transform, int last,
xmlSecTransformCtxPtr transformCtx) {
xmlSecPtrListPtr dataList;
xmlDocPtr doc;
xmlSecAssert2(xmlSecTransformXPathCheckId(transform), -1);
xmlSecAssert2(transform->hereNode != NULL, -1);
xmlSecAssert2(transform->outNodes == NULL, -1);
xmlSecAssert2(last != 0, -1);
xmlSecAssert2(transformCtx != NULL, -1);
dataList = xmlSecXPathTransformGetDataList(transform);
xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1);
xmlSecAssert2(xmlSecPtrListGetSize(dataList) > 0, -1);
doc = (transform->inNodes != NULL) ? transform->inNodes->doc : transform->hereNode->doc;
xmlSecAssert2(doc != NULL, -1);
transform->outNodes = xmlSecXPathDataListExecute(dataList, doc,
transform->hereNode, transform->inNodes);
if(transform->outNodes == NULL) {
xmlSecInternalError("xmlSecXPathDataExecute",
xmlSecTransformGetName(transform));
return(-1);
}
return(0);
}
static int xmlSecMSCngSignatureSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
xmlSecMSCngSignatureCtxPtr ctx;
xmlSecKeyDataPtr value;
xmlSecAssert2(xmlSecMSCngSignatureCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCngSignatureSize), -1);
xmlSecAssert2(key != NULL, -1);
ctx = xmlSecMSCngSignatureGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->keyId != NULL, -1);
xmlSecAssert2(ctx->pszHashAlgId != 0, -1);
xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1);
value = xmlSecKeyGetValue(key);
xmlSecAssert2(value != NULL, -1);
ctx->data = xmlSecKeyDataDuplicate(value);
if(ctx->data == NULL) {
xmlSecInternalError("xmlSecKeyDataDuplicate",
xmlSecTransformGetName(transform));
return(-1);
}
return(0);
}
static int
xmlSecOpenSSLRsaOaepNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
xmlSecOpenSSLRsaOaepCtxPtr ctx;
xmlNodePtr cur;
int ret;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaOaepId), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLRsaOaepSize), -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
ctx = xmlSecOpenSSLRsaOaepGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(xmlSecBufferGetSize(&(ctx->oaepParams)) == 0, -1);
cur = xmlSecGetNextElementNode(node->children);
while(cur != NULL) {
if(xmlSecCheckNodeName(cur, xmlSecNodeRsaOAEPparams, xmlSecEncNs)) {
ret = xmlSecBufferBase64NodeContentRead(&(ctx->oaepParams), cur);
if(ret < 0) {
xmlSecInternalError("xmlSecBufferBase64NodeContentRead",
xmlSecTransformGetName(transform));
return(-1);
}
} else if(xmlSecCheckNodeName(cur, xmlSecNodeDigestMethod, xmlSecDSigNs)) {
xmlChar* algorithm;
/* Algorithm attribute is required */
algorithm = xmlGetProp(cur, xmlSecAttrAlgorithm);
if(algorithm == NULL) {
xmlSecInvalidNodeAttributeError(cur, xmlSecAttrAlgorithm,
xmlSecTransformGetName(transform),
"empty");
return(-1);
}
/* for now we support only sha1 */
if(xmlStrcmp(algorithm, xmlSecHrefSha1) != 0) {
xmlSecInvalidTransfromError2(transform,
"digest algorithm=\"%s\" is not supported for rsa/oaep",
xmlSecErrorsSafeString(algorithm));
xmlFree(algorithm);
return(-1);
}
xmlFree(algorithm);
} else {
/* not found */
xmlSecUnexpectedNodeError(cur, xmlSecTransformGetName(transform));
return(-1);
}
/* next node */
cur = xmlSecGetNextElementNode(cur->next);
}
return(0);
}
/**
* xmlSecNssInit:
*
* XMLSec library specific crypto engine initialization.
*
* Returns: 0 on success or a negative value otherwise.
*/
int
xmlSecNssInit (void) {
/* Check loaded xmlsec library version */
if(xmlSecCheckVersionExact() != 1) {
xmlSecInternalError("xmlSecCheckVersionExact", NULL);
return(-1);
}
/* set default errors callback for xmlsec to us */
xmlSecErrorsSetCallback(xmlSecNssErrorsDefaultCallback);
/* register our klasses */
if(xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms(xmlSecCryptoGetFunctions_nss()) < 0) {
xmlSecInternalError("xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms", NULL);
return(-1);
}
return(0);
}
static int xmlSecMSCngSignatureVerify(xmlSecTransformPtr transform,
const xmlSecByte* data,
xmlSecSize dataSize,
xmlSecTransformCtxPtr transformCtx) {
xmlSecMSCngSignatureCtxPtr ctx;
BCRYPT_KEY_HANDLE pubkey;
NTSTATUS status;
int ret;
xmlSecAssert2(xmlSecMSCngSignatureCheckId(transform), -1);
xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCngSignatureSize), -1);
xmlSecAssert2(transform->status == xmlSecTransformStatusFinished, -1);
xmlSecAssert2(data != NULL, -1);
xmlSecAssert2(dataSize > 0, -1);
xmlSecAssert2(transformCtx != NULL, -1);
ctx = xmlSecMSCngSignatureGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
pubkey = xmlSecMSCngKeyDataGetKey(ctx->data, xmlSecKeyDataTypePublic);
if(pubkey == 0) {
xmlSecInternalError("xmlSecMSCngKeyDataGetKey",
xmlSecTransformGetName(transform));
return(-1);
}
status = BCryptVerifySignature(
pubkey,
NULL,
ctx->pbHash,
ctx->cbHash,
(PBYTE)data,
dataSize,
0);
if(status != STATUS_SUCCESS) {
if(status == STATUS_INVALID_SIGNATURE) {
xmlSecOtherError(XMLSEC_ERRORS_R_DATA_NOT_MATCH,
xmlSecTransformGetName(transform),
"BCryptVerifySignature: the signature was not verified");
transform->status = xmlSecTransformStatusFail;
return(-1);
} else {
xmlSecMSCngNtError("BCryptVerifySignature",
xmlSecTransformGetName(transform), status);
return(-1);
}
}
transform->status = xmlSecTransformStatusOk;
return(0);
}
static xmlSecNodeSetPtr
xmlSecXPathDataListExecute(xmlSecPtrListPtr dataList, xmlDocPtr doc,
xmlNodePtr hereNode, xmlSecNodeSetPtr nodes) {
xmlSecXPathDataPtr data;
xmlSecNodeSetPtr res, tmp, tmp2;
xmlSecSize pos;
xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), NULL);
xmlSecAssert2(xmlSecPtrListGetSize(dataList) > 0, NULL);
xmlSecAssert2(doc != NULL, NULL);
xmlSecAssert2(hereNode != NULL, NULL);
res = nodes;
for(pos = 0; pos < xmlSecPtrListGetSize(dataList); ++pos) {
data = (xmlSecXPathDataPtr)xmlSecPtrListGetItem(dataList, pos);
if(data == NULL) {
xmlSecInternalError2("xmlSecPtrListGetItem", NULL, "pos=%d", pos);
if((res != NULL) && (res != nodes)) {
xmlSecNodeSetDestroy(res);
}
return(NULL);
}
tmp = xmlSecXPathDataExecute(data, doc, hereNode);
if(tmp == NULL) {
xmlSecInternalError("xmlSecXPathDataExecute", NULL);
if((res != NULL) && (res != nodes)) {
xmlSecNodeSetDestroy(res);
}
return(NULL);
}
tmp2 = xmlSecNodeSetAdd(res, tmp, data->nodeSetOp);
if(tmp2 == NULL) {
xmlSecInternalError2("xmlSecNodeSetAdd", NULL,
"nodeSetOp=%d", (int)data->nodeSetOp);
if((res != NULL) && (res != nodes)) {
xmlSecNodeSetDestroy(res);
}
xmlSecNodeSetDestroy(tmp);
return(NULL);
}
res = tmp2;
}
return(res);
}
static int
xmlSecTransformXPathInitialize(xmlSecTransformPtr transform) {
xmlSecPtrListPtr dataList;
int ret;
xmlSecAssert2(xmlSecTransformXPathCheckId(transform), -1);
dataList = xmlSecXPathTransformGetDataList(transform);
xmlSecAssert2(dataList != NULL, -1);
ret = xmlSecPtrListInitialize(dataList, xmlSecXPathDataListId);
if(ret < 0) {
xmlSecInternalError("xmlSecPtrListInitialize",
xmlSecTransformGetName(transform));
return(-1);
}
return(0);
}
static int
xmlSecTransformVisa3DHackExecute(xmlSecTransformPtr transform, int last,
xmlSecTransformCtxPtr transformCtx) {
xmlChar** idPtr;
xmlDocPtr doc;
xmlAttrPtr attr;
xmlNodeSetPtr nodeSet;
xmlSecAssert2(xmlSecTransformVisa3DHackCheckId(transform), -1);
xmlSecAssert2(transform->outNodes == NULL, -1);
xmlSecAssert2(last != 0, -1);
xmlSecAssert2(transformCtx != NULL, -1);
idPtr = xmlSecVisa3DHackTransformGetIDPtr(transform);
xmlSecAssert2(idPtr != NULL, -1);
xmlSecAssert2((*idPtr) != NULL, -1);
doc = (transform->inNodes != NULL) ? transform->inNodes->doc : transform->hereNode->doc;
xmlSecAssert2(doc != NULL, -1);
attr = xmlGetID(doc, (*idPtr));
if((attr == NULL) || (attr->parent == NULL)) {
xmlSecXmlError2("xmlGetID", xmlSecTransformGetName(transform),
"id=\"%s\"", xmlSecErrorsSafeString(*idPtr));
return(-1);
}
nodeSet = xmlXPathNodeSetCreate(attr->parent);
if(nodeSet == NULL) {
xmlSecXmlError2("xmlXPathNodeSetCreate", xmlSecTransformGetName(transform),
"id=\"%s\"", xmlSecErrorsSafeString(*idPtr));
return(-1);
}
transform->outNodes = xmlSecNodeSetCreate(doc, nodeSet, xmlSecNodeSetTreeWithoutComments);
if(transform->outNodes == NULL) {
xmlSecInternalError("xmlSecNodeSetCreate",
xmlSecTransformGetName(transform));
xmlXPathFreeNodeSet(nodeSet);
return(-1);
}
return(0);
}
static int
xmlSecBase64Initialize(xmlSecTransformPtr transform) {
xmlSecBase64CtxPtr ctx;
int ret;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformBase64Id), -1);
ctx = xmlSecBase64GetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
transform->operation = xmlSecTransformOperationDecode;
ret = xmlSecBase64CtxInitialize(ctx, 0, xmlSecBase64GetDefaultLineSize());
if(ret < 0) {
xmlSecInternalError("xmlSecBase64CtxInitialize",
xmlSecTransformGetName(transform));
return(-1);
}
return(0);
}
static int
xmlSecOpenSSLRsaOaepInitialize(xmlSecTransformPtr transform) {
xmlSecOpenSSLRsaOaepCtxPtr ctx;
int ret;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaOaepId), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLRsaOaepSize), -1);
ctx = xmlSecOpenSSLRsaOaepGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
memset(ctx, 0, sizeof(xmlSecOpenSSLRsaOaepCtx));
ret = xmlSecBufferInitialize(&(ctx->oaepParams), 0);
if(ret < 0) {
xmlSecInternalError("xmlSecBufferInitialize",
xmlSecTransformGetName(transform));
return(-1);
}
return(0);
}
/**
* xmlSecBase64CtxCreate:
* @encode: the encode/decode flag (1 - encode, 0 - decode)
* @columns: the max line length.
*
* Allocates and initializes new base64 context.
*
* Returns: a pointer to newly created #xmlSecBase64Ctx structure
* or NULL if an error occurs.
*/
xmlSecBase64CtxPtr
xmlSecBase64CtxCreate(int encode, int columns) {
xmlSecBase64CtxPtr ctx;
int ret;
/*
* Allocate a new xmlSecBase64CtxPtr and fill the fields.
*/
ctx = (xmlSecBase64CtxPtr) xmlMalloc(sizeof(xmlSecBase64Ctx));
if (ctx == NULL) {
xmlSecMallocError(sizeof(xmlSecBase64Ctx), NULL);
return(NULL);
}
ret = xmlSecBase64CtxInitialize(ctx, encode, columns);
if(ret < 0) {
xmlSecInternalError("xmlSecBase64CtxInitialize", NULL);
xmlSecBase64CtxDestroy(ctx);
return(NULL);
}
return(ctx);
}
static int
xmlSecOpenSSLRsaOaepExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
xmlSecOpenSSLRsaOaepCtxPtr ctx;
int ret;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaOaepId), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLRsaOaepSize), -1);
xmlSecAssert2(transformCtx != NULL, -1);
ctx = xmlSecOpenSSLRsaOaepGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->pKey != NULL, -1);
if(transform->status == xmlSecTransformStatusNone) {
transform->status = xmlSecTransformStatusWorking;
}
if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) {
/* just do nothing */
} else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
ret = xmlSecOpenSSLRsaOaepProcess(transform, transformCtx);
if(ret < 0) {
xmlSecInternalError("xmlSecOpenSSLRsaOaepProcess",
xmlSecTransformGetName(transform));
return(-1);
}
transform->status = xmlSecTransformStatusFinished;
} else if(transform->status == xmlSecTransformStatusFinished) {
/* the only way we can get here is if there is no input */
xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
} else {
xmlSecInvalidTransfromStatusError(transform);
return(-1);
}
return(0);
}
static int
xmlSecXPathDataNodeRead(xmlSecXPathDataPtr data, xmlNodePtr node) {
int ret;
xmlSecAssert2(data != NULL, -1);
xmlSecAssert2(data->expr == NULL, -1);
xmlSecAssert2(data->ctx != NULL, -1);
xmlSecAssert2(node != NULL, -1);
ret = xmlSecXPathDataRegisterNamespaces (data, node);
if(ret < 0) {
xmlSecInternalError("xmlSecXPathDataRegisterNamespaces", NULL);
return(-1);
}
/* read node content and set expr */
data->expr = xmlNodeGetContent(node);
if(data->expr == NULL) {
xmlSecInvalidNodeContentError(node, NULL, "empty");
return(-1);
}
return(0);
}
static int
xmlSecMSCngSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
xmlSecMSCngSignatureCtxPtr ctx;
xmlSecSize inSize;
xmlSecSize outSize;
NTSTATUS status;
DWORD cbData = 0;
DWORD cbHashObject = 0;
int ret;
xmlSecAssert2(xmlSecMSCngSignatureCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCngSignatureSize), -1);
xmlSecAssert2(transformCtx != NULL, -1);
ctx = xmlSecMSCngSignatureGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->pszHashAlgId != NULL, -1);
inSize = xmlSecBufferGetSize(&transform->inBuf);
outSize = xmlSecBufferGetSize(&transform->outBuf);
if(transform->status == xmlSecTransformStatusNone) {
xmlSecAssert2(outSize == 0, -1);
/* open an algorithm handle */
status = BCryptOpenAlgorithmProvider(
&ctx->hHashAlg,
ctx->pszHashAlgId,
NULL,
0);
if(status != STATUS_SUCCESS) {
xmlSecMSCngNtError("BCryptOpenAlgorithmProvider",
xmlSecTransformGetName(transform), status);
return(-1);
}
/* calculate the size of the buffer to hold the hash object */
status = BCryptGetProperty(
ctx->hHashAlg,
BCRYPT_OBJECT_LENGTH,
(PBYTE)&cbHashObject,
sizeof(DWORD),
&cbData,
0);
if(status != STATUS_SUCCESS) {
xmlSecMSCngNtError("BCryptGetProperty",
xmlSecTransformGetName(transform), status);
return(-1);
}
/* allocate the hash object on the heap */
ctx->pbHashObject = (PBYTE)xmlMalloc(cbHashObject);
if(ctx->pbHashObject == NULL) {
xmlSecMallocError(cbHashObject, NULL);
return(-1);
}
/* calculate the length of the hash */
status = BCryptGetProperty(
ctx->hHashAlg,
BCRYPT_HASH_LENGTH,
(PBYTE)&ctx->cbHash,
sizeof(DWORD),
&cbData,
0);
if(status != STATUS_SUCCESS) {
xmlSecMSCngNtError("BCryptGetProperty",
xmlSecTransformGetName(transform), status);
return(-1);
}
/* allocate the hash buffer on the heap */
ctx->pbHash = (PBYTE)xmlMalloc(ctx->cbHash);
if(ctx->pbHash == NULL) {
xmlSecMallocError(ctx->cbHash, NULL);
return(-1);
}
/* create the hash */
status = BCryptCreateHash(
ctx->hHashAlg,
&ctx->hHash,
ctx->pbHashObject,
cbHashObject,
NULL,
0,
0);
if(status != STATUS_SUCCESS) {
xmlSecMSCngNtError("BCryptCreateHash",
xmlSecTransformGetName(transform), status);
return(-1);
}
transform->status = xmlSecTransformStatusWorking;
}
if((transform->status == xmlSecTransformStatusWorking)) {
if(inSize > 0) {
xmlSecAssert2(outSize == 0, -1);
/* hash some data */
status = BCryptHashData(
ctx->hHash,
(PBYTE)xmlSecBufferGetData(&transform->inBuf),
inSize,
0);
if(status != STATUS_SUCCESS) {
xmlSecMSCngNtError("BCryptHashData",
xmlSecTransformGetName(transform), status);
return(-1);
}
ret = xmlSecBufferRemoveHead(&transform->inBuf, inSize);
if(ret < 0) {
xmlSecInternalError("xmlSecBufferRemoveHead",
xmlSecTransformGetName(transform));
return(-1);
}
}
if(last != 0) {
/* close the hash */
status = BCryptFinishHash(
ctx->hHash,
ctx->pbHash,
ctx->cbHash,
0);
if(status != STATUS_SUCCESS) {
xmlSecMSCngNtError("BCryptFinishHash", xmlSecTransformGetName(transform), status);
return(-1);
}
xmlSecAssert2(ctx->cbHash > 0, -1);
if(transform->operation == xmlSecTransformOperationSign) {
xmlSecNotImplementedError(NULL);
return(-1);
}
transform->status = xmlSecTransformStatusFinished;
}
}
if((transform->status == xmlSecTransformStatusWorking) ||
(transform->status == xmlSecTransformStatusFinished)) {
xmlSecAssert2(xmlSecBufferGetSize(&transform->inBuf) == 0, -1);
} else {
xmlSecInvalidTransfromStatusError(transform);
return(-1);
}
return(0);
}
static int
xmlSecTransformXPathNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
xmlSecPtrListPtr dataList;
xmlSecXPathDataPtr data;
xmlNodePtr cur;
xmlChar* tmp;
int tmpSize;
int ret;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPathId), -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
dataList = xmlSecXPathTransformGetDataList(transform);
xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1);
xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1);
/* there is only one required node */
cur = xmlSecGetNextElementNode(node->children);
if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeXPath, xmlSecDSigNs))) {
xmlSecInvalidNodeError(cur, xmlSecNodeXPath,
xmlSecTransformGetName(transform));
return(-1);
}
/* read information from the node */
data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPath);
if(data == NULL) {
xmlSecInternalError("xmlSecXPathDataCreate",
xmlSecTransformGetName(transform));
return(-1);
}
ret = xmlSecXPathDataNodeRead(data, cur);
if(ret < 0) {
xmlSecInternalError("xmlSecXPathDataNodeRead",
xmlSecTransformGetName(transform));
xmlSecXPathDataDestroy(data);
return(-1);
}
/* append it to the list */
ret = xmlSecPtrListAdd(dataList, data);
if(ret < 0) {
xmlSecInternalError("xmlSecPtrListAdd",
xmlSecTransformGetName(transform));
xmlSecXPathDataDestroy(data);
return(-1);
}
/* create full XPath expression */
xmlSecAssert2(data->expr != NULL, -1);
tmpSize = xmlStrlen(data->expr) + strlen(xpathPattern) + 1;
tmp = (xmlChar*) xmlMalloc(sizeof(xmlChar) * tmpSize);
if(tmp == NULL) {
xmlSecMallocError(sizeof(xmlChar) * tmpSize,
xmlSecTransformGetName(transform));
return(-1);
}
ret = xmlStrPrintf(tmp, tmpSize, xpathPattern, (char*)data->expr);
if(ret < 0) {
xmlSecXmlError("xmlStrPrintf", xmlSecTransformGetName(transform));
xmlFree(tmp);
return(-1);
}
xmlFree(data->expr);
data->expr = tmp;
/* set correct node set type and operation */
data->nodeSetOp = xmlSecNodeSetIntersection;
data->nodeSetType = xmlSecNodeSetNormal;
/* check that we have nothing else */
cur = xmlSecGetNextElementNode(cur->next);
if(cur != NULL) {
xmlSecUnexpectedNodeError(cur, xmlSecTransformGetName(transform));
return(-1);
}
return(0);
}
static int
xmlSecTransformXPath2NodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
xmlSecPtrListPtr dataList;
xmlSecXPathDataPtr data;
xmlNodePtr cur;
xmlChar* op;
int ret;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPath2Id), -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
dataList = xmlSecXPathTransformGetDataList(transform);
xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1);
xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1);
/* There are only xpath nodes */
cur = xmlSecGetNextElementNode(node->children);
while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeXPath2, xmlSecXPath2Ns)) {
/* read information from the node */
data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPath2);
if(data == NULL) {
xmlSecInternalError("xmlSecXPathDataCreate",
xmlSecTransformGetName(transform));
return(-1);
}
ret = xmlSecXPathDataNodeRead(data, cur);
if(ret < 0) {
xmlSecInternalError("xmlSecXPathDataNodeRead",
xmlSecTransformGetName(transform));
xmlSecXPathDataDestroy(data);
return(-1);
}
/* append it to the list */
ret = xmlSecPtrListAdd(dataList, data);
if(ret < 0) {
xmlSecInternalError("xmlSecPtrListAdd",
xmlSecTransformGetName(transform));
xmlSecXPathDataDestroy(data);
return(-1);
}
/* set correct node set type and operation */
data->nodeSetType = xmlSecNodeSetTree;
op = xmlGetProp(cur, xmlSecAttrFilter);
if(op == NULL) {
xmlSecInvalidNodeAttributeError(cur, xmlSecAttrFilter,
xmlSecTransformGetName(transform),
"empty");
return(-1);
}
if(xmlStrEqual(op, xmlSecXPath2FilterIntersect)) {
data->nodeSetOp = xmlSecNodeSetIntersection;
} else if(xmlStrEqual(op, xmlSecXPath2FilterSubtract)) {
data->nodeSetOp = xmlSecNodeSetSubtraction;
} else if(xmlStrEqual(op, xmlSecXPath2FilterUnion)) {
data->nodeSetOp = xmlSecNodeSetUnion;
} else {
xmlSecInvalidNodeAttributeError(cur, xmlSecAttrFilter,
xmlSecTransformGetName(transform),
"unknown");
xmlFree(op);
return(-1);
}
xmlFree(op);
cur = xmlSecGetNextElementNode(cur->next);
}
/* check that we have nothing else */
if(cur != NULL) {
xmlSecUnexpectedNodeError(cur, xmlSecTransformGetName(transform));
return(-1);
}
return(0);
}
static int
xmlSecBase64Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
xmlSecBase64CtxPtr ctx;
xmlSecBufferPtr in, out;
xmlSecSize inSize, outSize, outLen;
int ret;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformBase64Id), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncode) || (transform->operation == xmlSecTransformOperationDecode), -1);
xmlSecAssert2(transformCtx != NULL, -1);
ctx = xmlSecBase64GetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
in = &(transform->inBuf);
out = &(transform->outBuf);
if(transform->status == xmlSecTransformStatusNone) {
ctx->encode = (transform->operation == xmlSecTransformOperationEncode) ? 1 : 0;
transform->status = xmlSecTransformStatusWorking;
}
switch(transform->status) {
case xmlSecTransformStatusWorking:
inSize = xmlSecBufferGetSize(in);
outSize = xmlSecBufferGetSize(out);
if(inSize > 0) {
if(ctx->encode != 0) {
outLen = 4 * inSize / 3 + 8;
if(ctx->columns > 0) {
outLen += inSize / ctx->columns + 4;
}
} else {
outLen = 3 * inSize / 4 + 8;
}
ret = xmlSecBufferSetMaxSize(out, outSize + outLen);
if(ret < 0) {
xmlSecInternalError2("xmlSecBufferSetMaxSize",
xmlSecTransformGetName(transform),
"size=%d", outSize + outLen);
return(-1);
}
/* encode/decode the next chunk */
ret = xmlSecBase64CtxUpdate(ctx, xmlSecBufferGetData(in), inSize,
xmlSecBufferGetData(out) + outSize,
outLen);
if(ret < 0) {
xmlSecInternalError("xmlSecBase64CtxUpdate",
xmlSecTransformGetName(transform));
return(-1);
}
outLen = ret;
/* set correct size */
ret = xmlSecBufferSetSize(out, outSize + outLen);
if(ret < 0) {
xmlSecInternalError2("xmlSecBufferSetSize",
xmlSecTransformGetName(transform),
"size=%d", outSize + outLen);
return(-1);
}
/* remove chunk from input */
ret = xmlSecBufferRemoveHead(in, inSize);
if(ret < 0) {
xmlSecInternalError2("xmlSecBufferRemoveHead",
xmlSecTransformGetName(transform),
"size=%d", inSize);
return(-1);
}
}
if(last) {
outSize = xmlSecBufferGetSize(out);
ret = xmlSecBufferSetMaxSize(out, outSize + 16);
if(ret < 0) {
xmlSecInternalError2("xmlSecBufferSetMaxSize",
xmlSecTransformGetName(transform),
"size=%d", outSize + 16);
return(-1);
}
/* add from ctx buffer */
ret = xmlSecBase64CtxFinal(ctx, xmlSecBufferGetData(out) + outSize, 16);
if(ret < 0) {
xmlSecInternalError("xmlSecBase64CtxFinal",
xmlSecTransformGetName(transform));
return(-1);
}
outLen = ret;
/* set correct size */
ret = xmlSecBufferSetSize(out, outSize + outLen);
if(ret < 0) {
xmlSecInternalError2("xmlSecBufferSetSize",
xmlSecTransformGetName(transform),
"size=%d", outSize + outLen);
return(-1);
}
transform->status = xmlSecTransformStatusFinished;
}
break;
case xmlSecTransformStatusFinished:
/* the only way we can get here is if there is no input */
xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
break;
default:
xmlSecInvalidTransfromStatusError(transform);
return(-1);
}
return(0);
}