Exemple #1
0
static int
xmlSecOpenSSLRsaOaepSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
    xmlSecOpenSSLRsaOaepCtxPtr ctx;
    EVP_PKEY* pKey;
    RSA *rsa;

    xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaOaepId), -1);
    xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLRsaOaepSize), -1);
    xmlSecAssert2(key != NULL, -1);
    xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecOpenSSLKeyDataRsaId), -1);

    ctx = xmlSecOpenSSLRsaOaepGetCtx(transform);
    xmlSecAssert2(ctx != NULL, -1);
    xmlSecAssert2(ctx->pKey == NULL, -1);

    pKey = xmlSecOpenSSLKeyDataRsaGetEvp(xmlSecKeyGetValue(key));
    if(pKey == NULL) {
        xmlSecInternalError("xmlSecOpenSSLKeyDataRsaGetEvp",
                            xmlSecTransformGetName(transform));
        return(-1);
    }
    xmlSecAssert2(EVP_PKEY_base_id(pKey) == EVP_PKEY_RSA, -1);
    rsa = EVP_PKEY_get0_RSA(pKey);
    xmlSecAssert2(rsa != NULL, -1);

    ctx->pKey = xmlSecOpenSSLEvpKeyDup(pKey);
    if(ctx->pKey == NULL) {
        xmlSecInternalError("xmlSecOpenSSLEvpKeyDup",
                            xmlSecTransformGetName(transform));
        return(-1);
    }

    return(0);
}
Exemple #2
0
/**
 * xmlSecBase64Decode:
 * @str:                the input buffer with base64 encoded string
 * @buf:                the output buffer
 * @len:                the output buffer size
 *
 * Decodes input base64 encoded string and puts result into
 * the output buffer.
 *
 * Returns: the number of bytes written to the output buffer or
 * a negative value if an error occurs
 */
int
xmlSecBase64Decode(const xmlChar* str, xmlSecByte *buf, xmlSecSize len) {
    xmlSecBase64Ctx ctx;
    int size_update;
    int size_final;
    int ret;

    xmlSecAssert2(str != NULL, -1);
    xmlSecAssert2(buf != NULL, -1);

    ret = xmlSecBase64CtxInitialize(&ctx, 0, 0);
    if(ret < 0) {
        xmlSecInternalError("xmlSecBase64CtxInitialize", NULL);
        return(-1);
    }

    ret = xmlSecBase64CtxUpdate(&ctx, (const xmlSecByte*)str, xmlStrlen(str), buf, len);
    if(ret < 0) {
        xmlSecInternalError("xmlSecBase64CtxUpdate", NULL);
        xmlSecBase64CtxFinalize(&ctx);
        return(-1);
    }

    size_update = ret;
    ret = xmlSecBase64CtxFinal(&ctx, buf + size_update, len - size_update);
    if(ret < 0) {
        xmlSecInternalError("xmlSecBase64CtxFinal", NULL);
        xmlSecBase64CtxFinalize(&ctx);
        return(-1);
    }
    size_final = ret;

    xmlSecBase64CtxFinalize(&ctx);
    return(size_update + size_final);
}
Exemple #3
0
int main()
{
    int ret;

    // OK
    ret = foo();
    if (ret < 0)
    {
        xmlSecInternalError("foo", NULL);
    }

    // OK
    ret = outer(1, strlen("x"));
    if (ret < 0)
    {
        xmlSecInternalError("outer", NULL);
    }

    // KO
    ret = foo();
    if (ret < 0)
    {
        xmlSecInternalError("bar", NULL);
    }
}
Exemple #4
0
/**
 * xmlSecBase64CtxUpdate:
 * @ctx:                the pointer to #xmlSecBase64Ctx structure
 * @in:                 the input buffer
 * @inSize:             the input buffer size
 * @out:                the output buffer
 * @outSize:            the output buffer size
 *
 * Encodes or decodes the next piece of data from input buffer.
 *
 * Returns: the number of bytes written to output buffer or
 * -1 if an error occurs.
 */
int
xmlSecBase64CtxUpdate(xmlSecBase64CtxPtr ctx,
                     const xmlSecByte *in, xmlSecSize inSize,
                     xmlSecByte *out, xmlSecSize outSize) {
    xmlSecSize inResSize = 0, outResSize = 0;
    int ret;

    xmlSecAssert2(ctx != NULL, -1);
    xmlSecAssert2(in != NULL, -1);
    xmlSecAssert2(out != NULL, -1);

    if(ctx->encode != 0) {
        ret = xmlSecBase64CtxEncode(ctx, in, inSize, &inResSize,
                                    out, outSize, &outResSize);
        if((ret < 0) || (inResSize != inSize)) {
            xmlSecInternalError("xmlSecBase64CtxEncode", NULL);
            return(-1);
        }
    } else {
        ret = xmlSecBase64CtxDecode(ctx, in, inSize, &inResSize,
                                    out, outSize, &outResSize);
        if((ret < 0) || (inResSize != inSize)) {
            xmlSecInternalError("xmlSecBase64CtxDecode", NULL);
            return(-1);
        }
    }

    return(outResSize);
}
Exemple #5
0
/**
 * xmlSecNssKeysMngrInit:
 * @mngr:               the pointer to keys manager.
 *
 * Adds NSS specific key data stores in keys manager.
 *
 * Returns: 0 on success or a negative value otherwise.
 */
int
xmlSecNssKeysMngrInit(xmlSecKeysMngrPtr mngr) {
    int ret;

    xmlSecAssert2(mngr != NULL, -1);

#ifndef XMLSEC_NO_X509
    /* create x509 store if needed */
    if(xmlSecKeysMngrGetDataStore(mngr, xmlSecNssX509StoreId) == NULL) {
        xmlSecKeyDataStorePtr x509Store;

        x509Store = xmlSecKeyDataStoreCreate(xmlSecNssX509StoreId);
        if(x509Store == NULL) {
            xmlSecInternalError("xmlSecKeyDataStoreCreate(xmlSecNssX509StoreId)", NULL);
            return(-1);
        }

        ret = xmlSecKeysMngrAdoptDataStore(mngr, x509Store);
        if(ret < 0) {
            xmlSecInternalError("xmlSecKeysMngrAdoptDataStore", NULL);
            xmlSecKeyDataStoreDestroy(x509Store);
            return(-1);
        }
    }
#endif /* XMLSEC_NO_X509 */

    return(0);
}
Exemple #6
0
static int
xmlSecTransformXPointerNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
    xmlSecPtrListPtr dataList;
    xmlSecXPathDataPtr data;
    xmlNodePtr cur;
    int ret;

    xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPointerId), -1);
    xmlSecAssert2(node != NULL, -1);
    xmlSecAssert2(transformCtx != NULL, -1);

    dataList = xmlSecXPathTransformGetDataList(transform);
    xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1);
    xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1);

    /* there is only one required node */
    cur = xmlSecGetNextElementNode(node->children);
    if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeXPointer, xmlSecXPointerNs))) {
        xmlSecInvalidNodeError(cur, xmlSecNodeXPointer,
                               xmlSecTransformGetName(transform));
        return(-1);
    }

    /* read information from the node */
    data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPointer);
    if(data == NULL) {
        xmlSecInternalError("xmlSecXPathDataCreate",
                            xmlSecTransformGetName(transform));
        return(-1);
    }

    ret = xmlSecXPathDataNodeRead(data, cur);
    if(ret < 0) {
        xmlSecInternalError("xmlSecXPathDataNodeRead",
                            xmlSecTransformGetName(transform));
        xmlSecXPathDataDestroy(data);
        return(-1);
    }

    /* append it to the list */
    ret = xmlSecPtrListAdd(dataList, data);
    if(ret < 0) {
        xmlSecInternalError("xmlSecPtrListAdd",
                            xmlSecTransformGetName(transform));
        xmlSecXPathDataDestroy(data);
        return(-1);
    }

    /* set correct node set type and operation */
    data->nodeSetOp     = xmlSecNodeSetIntersection;
    data->nodeSetType   = xmlSecNodeSetTree;

    /* check that we have nothing else */
    cur = xmlSecGetNextElementNode(cur->next);
    if(cur != NULL) {
        xmlSecUnexpectedNodeError(cur, xmlSecTransformGetName(transform));
        return(-1);
    }
    return(0);
}
Exemple #7
0
/**
 * xmlSecTransformXPointerSetExpr:
 * @transform:          the pointer to XPointer transform.
 * @expr:               the XPointer expression.
 * @nodeSetType:        the type of evaluated XPointer expression.
 * @hereNode:           the pointer to "here" node.
 *
 * Sets the XPointer expression for an XPointer @transform.
 *
 * Returns: 0 on success or a negative value if an error occurs.
 */
int
xmlSecTransformXPointerSetExpr(xmlSecTransformPtr transform, const xmlChar* expr,
                            xmlSecNodeSetType  nodeSetType, xmlNodePtr hereNode) {
    xmlSecPtrListPtr dataList;
    xmlSecXPathDataPtr data;
    int ret;

    xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPointerId), -1);
    xmlSecAssert2(transform->hereNode == NULL, -1);
    xmlSecAssert2(expr != NULL, -1);
    xmlSecAssert2(hereNode != NULL, -1);

    transform->hereNode = hereNode;

    dataList = xmlSecXPathTransformGetDataList(transform);
    xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1);
    xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1);

    data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPointer);
    if(data == NULL) {
        xmlSecInternalError("xmlSecXPathDataCreate",
                            xmlSecTransformGetName(transform));
        return(-1);
    }

    ret = xmlSecXPathDataRegisterNamespaces(data, hereNode);
    if(ret < 0) {
        xmlSecInternalError("xmlSecXPathDataRegisterNamespaces",
                            xmlSecTransformGetName(transform));
        xmlSecXPathDataDestroy(data);
        return(-1);
    }

    ret = xmlSecXPathDataSetExpr(data, expr);
    if(ret < 0) {
        xmlSecInternalError("xmlSecXPathDataSetExpr",
                            xmlSecTransformGetName(transform));
        xmlSecXPathDataDestroy(data);
        return(-1);
    }

    /* append it to the list */
    ret = xmlSecPtrListAdd(dataList, data);
    if(ret < 0) {
        xmlSecInternalError("xmlSecPtrListAdd",
                            xmlSecTransformGetName(transform));
        xmlSecXPathDataDestroy(data);
        return(-1);
    }

    /* set correct node set type and operation */
    data->nodeSetOp     = xmlSecNodeSetIntersection;
    data->nodeSetType   = nodeSetType;

    return(0);
}
Exemple #8
0
/**
 * xmlSecBase64Encode:
 * @buf:                the input buffer.
 * @len:                the input buffer size.
 * @columns:            the output max line length (if 0 then no line breaks
 *                      would be inserted)
 *
 * Encodes the data from input buffer and allocates the string for the result.
 * The caller is responsible for freeing returned buffer using
 * xmlFree() function.
 *
 * Returns: newly allocated string with base64 encoded data
 * or NULL if an error occurs.
 */
xmlChar*
xmlSecBase64Encode(const xmlSecByte *buf, xmlSecSize len, int columns) {
    xmlSecBase64Ctx ctx;
    xmlChar *ptr;
    xmlSecSize size;
    int size_update, size_final;
    int ret;

    xmlSecAssert2(buf != NULL, NULL);

    ret = xmlSecBase64CtxInitialize(&ctx, 1, columns);
    if(ret < 0) {
        xmlSecInternalError("xmlSecBase64CtxInitialize", NULL);
        return(NULL);
    }

    /* create result buffer */
    size = (4 * len) / 3 + 4;
    if(columns > 0) {
        size += (size / columns) + 4;
    }
    ptr = (xmlChar*) xmlMalloc(size);
    if(ptr == NULL) {
        xmlSecMallocError(size, NULL);
        xmlSecBase64CtxFinalize(&ctx);
        return(NULL);
    }

    ret = xmlSecBase64CtxUpdate(&ctx, buf, len, (xmlSecByte*)ptr, size);
    if(ret < 0) {
        xmlSecInternalError3("xmlSecBase64CtxUpdate", NULL,
                             "len=%lu;size=%lu",
                             (unsigned long)len, (unsigned long)size);
        xmlFree(ptr);
        xmlSecBase64CtxFinalize(&ctx);
        return(NULL);
    }
    size_update = ret;

    ret = xmlSecBase64CtxFinal(&ctx, ((xmlSecByte*)ptr) + size_update, size - size_update);
    if(ret < 0) {
        xmlSecInternalError("xmlSecBase64CtxFinal", NULL);
        xmlFree(ptr);
        xmlSecBase64CtxFinalize(&ctx);
        return(NULL);
    }
    size_final = ret;
    ptr[size_update + size_final] = '\0';

    xmlSecBase64CtxFinalize(&ctx);
    return(ptr);
}
Exemple #9
0
/**
 * xmlSecBase64CtxFinal:
 * @ctx:                the pointer to #xmlSecBase64Ctx structure
 * @out:                the output buffer
 * @outSize:            the output buffer size
 *
 * Encodes or decodes the last piece of data stored in the context
 * and finalizes the result.
 *
 * Returns: the number of bytes written to output buffer or
 * -1 if an error occurs.
 */
int
xmlSecBase64CtxFinal(xmlSecBase64CtxPtr ctx,
                    xmlSecByte *out, xmlSecSize outSize) {
    xmlSecSize outResSize = 0;
    int ret;

    xmlSecAssert2(ctx != NULL, -1);
    xmlSecAssert2(out != NULL, -1);
    xmlSecAssert2(outSize > 0, -1);

    if(ctx->encode != 0) {
        ret = xmlSecBase64CtxEncodeFinal(ctx, out, outSize, &outResSize);
        if(ret < 0) {
            xmlSecInternalError2("xmlSecBase64CtxEncodeFinal", NULL, "outSize=%d", outSize);
            return(-1);
        }
    } else {
        if(!xmlSecBase64CtxDecodeIsFinished(ctx)) {
            xmlSecInternalError("xmlSecBase64CtxIsFinished", NULL);
            return(-1);
        }
    }

    /* add \0 */
    if((outResSize + 1) < outSize) {
        out[outResSize] = '\0';
    }
    return(outResSize);
}
Exemple #10
0
static int
xmlSecTransformXPathExecute(xmlSecTransformPtr transform, int last,
                            xmlSecTransformCtxPtr transformCtx) {
    xmlSecPtrListPtr dataList;
    xmlDocPtr doc;

    xmlSecAssert2(xmlSecTransformXPathCheckId(transform), -1);
    xmlSecAssert2(transform->hereNode != NULL, -1);
    xmlSecAssert2(transform->outNodes == NULL, -1);
    xmlSecAssert2(last != 0, -1);
    xmlSecAssert2(transformCtx != NULL, -1);

    dataList = xmlSecXPathTransformGetDataList(transform);
    xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1);
    xmlSecAssert2(xmlSecPtrListGetSize(dataList) > 0, -1);

    doc = (transform->inNodes != NULL) ? transform->inNodes->doc : transform->hereNode->doc;
    xmlSecAssert2(doc != NULL, -1);

    transform->outNodes = xmlSecXPathDataListExecute(dataList, doc,
                                transform->hereNode, transform->inNodes);
    if(transform->outNodes == NULL) {
        xmlSecInternalError("xmlSecXPathDataExecute",
                            xmlSecTransformGetName(transform));
        return(-1);
    }
    return(0);
}
Exemple #11
0
static int xmlSecMSCngSignatureSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
    xmlSecMSCngSignatureCtxPtr ctx;
    xmlSecKeyDataPtr value;

    xmlSecAssert2(xmlSecMSCngSignatureCheckId(transform), -1);
    xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCngSignatureSize), -1);
    xmlSecAssert2(key != NULL, -1);

    ctx = xmlSecMSCngSignatureGetCtx(transform);
    xmlSecAssert2(ctx != NULL, -1);
    xmlSecAssert2(ctx->keyId != NULL, -1);
    xmlSecAssert2(ctx->pszHashAlgId != 0, -1);
    xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1);

    value = xmlSecKeyGetValue(key);
    xmlSecAssert2(value != NULL, -1);

    ctx->data = xmlSecKeyDataDuplicate(value);
    if(ctx->data == NULL) {
        xmlSecInternalError("xmlSecKeyDataDuplicate",
                            xmlSecTransformGetName(transform));
        return(-1);
    }

    return(0);
}
Exemple #12
0
static int
xmlSecOpenSSLRsaOaepNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
    xmlSecOpenSSLRsaOaepCtxPtr ctx;
    xmlNodePtr cur;
    int ret;

    xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaOaepId), -1);
    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLRsaOaepSize), -1);
    xmlSecAssert2(node != NULL, -1);
    xmlSecAssert2(transformCtx != NULL, -1);

    ctx = xmlSecOpenSSLRsaOaepGetCtx(transform);
    xmlSecAssert2(ctx != NULL, -1);
    xmlSecAssert2(xmlSecBufferGetSize(&(ctx->oaepParams)) == 0, -1);

    cur = xmlSecGetNextElementNode(node->children);
    while(cur != NULL) {
        if(xmlSecCheckNodeName(cur,  xmlSecNodeRsaOAEPparams, xmlSecEncNs)) {
            ret = xmlSecBufferBase64NodeContentRead(&(ctx->oaepParams), cur);
            if(ret < 0) {
                xmlSecInternalError("xmlSecBufferBase64NodeContentRead",
                                    xmlSecTransformGetName(transform));
                return(-1);
            }
        } else if(xmlSecCheckNodeName(cur,  xmlSecNodeDigestMethod, xmlSecDSigNs)) {
            xmlChar* algorithm;

            /* Algorithm attribute is required */
            algorithm = xmlGetProp(cur, xmlSecAttrAlgorithm);
            if(algorithm == NULL) {
                xmlSecInvalidNodeAttributeError(cur, xmlSecAttrAlgorithm,
                                                xmlSecTransformGetName(transform),
                                                "empty");
                return(-1);
            }

            /* for now we support only sha1 */
            if(xmlStrcmp(algorithm, xmlSecHrefSha1) != 0) {
                xmlSecInvalidTransfromError2(transform,
                                "digest algorithm=\"%s\" is not supported for rsa/oaep",
                                xmlSecErrorsSafeString(algorithm));
                xmlFree(algorithm);
                return(-1);
            }
            xmlFree(algorithm);
        } else {
            /* not found */
            xmlSecUnexpectedNodeError(cur, xmlSecTransformGetName(transform));
            return(-1);
        }

        /* next node */
        cur = xmlSecGetNextElementNode(cur->next);
    }

    return(0);
}
Exemple #13
0
/**
 * xmlSecNssInit:
 *
 * XMLSec library specific crypto engine initialization.
 *
 * Returns: 0 on success or a negative value otherwise.
 */
int
xmlSecNssInit (void)  {
    /* Check loaded xmlsec library version */
    if(xmlSecCheckVersionExact() != 1) {
        xmlSecInternalError("xmlSecCheckVersionExact", NULL);
        return(-1);
    }

    /* set default errors callback for xmlsec to us */
    xmlSecErrorsSetCallback(xmlSecNssErrorsDefaultCallback);

    /* register our klasses */
    if(xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms(xmlSecCryptoGetFunctions_nss()) < 0) {
        xmlSecInternalError("xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms", NULL);
        return(-1);
    }

    return(0);
}
Exemple #14
0
static int xmlSecMSCngSignatureVerify(xmlSecTransformPtr transform,
                                      const xmlSecByte* data,
                                      xmlSecSize dataSize,
                                      xmlSecTransformCtxPtr transformCtx) {
    xmlSecMSCngSignatureCtxPtr ctx;
    BCRYPT_KEY_HANDLE pubkey;
    NTSTATUS status;
    int ret;

    xmlSecAssert2(xmlSecMSCngSignatureCheckId(transform), -1);
    xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1);
    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCngSignatureSize), -1);
    xmlSecAssert2(transform->status == xmlSecTransformStatusFinished, -1);
    xmlSecAssert2(data != NULL, -1);
    xmlSecAssert2(dataSize > 0, -1);
    xmlSecAssert2(transformCtx != NULL, -1);

    ctx = xmlSecMSCngSignatureGetCtx(transform);
    xmlSecAssert2(ctx != NULL, -1);

    pubkey = xmlSecMSCngKeyDataGetKey(ctx->data, xmlSecKeyDataTypePublic);
    if(pubkey == 0) {
        xmlSecInternalError("xmlSecMSCngKeyDataGetKey",
            xmlSecTransformGetName(transform));
        return(-1);
    }

    status = BCryptVerifySignature(
        pubkey,
        NULL,
        ctx->pbHash,
        ctx->cbHash,
        (PBYTE)data,
        dataSize,
        0);
    if(status != STATUS_SUCCESS) {
        if(status == STATUS_INVALID_SIGNATURE) {
            xmlSecOtherError(XMLSEC_ERRORS_R_DATA_NOT_MATCH,
                xmlSecTransformGetName(transform),
                "BCryptVerifySignature: the signature was not verified");
            transform->status = xmlSecTransformStatusFail;
            return(-1);
        } else {
            xmlSecMSCngNtError("BCryptVerifySignature",
                xmlSecTransformGetName(transform), status);
            return(-1);
        }
    }

    transform->status = xmlSecTransformStatusOk;
    return(0);
}
Exemple #15
0
static xmlSecNodeSetPtr
xmlSecXPathDataListExecute(xmlSecPtrListPtr dataList, xmlDocPtr doc,
                           xmlNodePtr hereNode, xmlSecNodeSetPtr nodes) {
    xmlSecXPathDataPtr data;
    xmlSecNodeSetPtr res, tmp, tmp2;
    xmlSecSize pos;

    xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), NULL);
    xmlSecAssert2(xmlSecPtrListGetSize(dataList) > 0, NULL);
    xmlSecAssert2(doc != NULL, NULL);
    xmlSecAssert2(hereNode != NULL, NULL);

    res = nodes;
    for(pos = 0; pos < xmlSecPtrListGetSize(dataList); ++pos) {
        data = (xmlSecXPathDataPtr)xmlSecPtrListGetItem(dataList, pos);
        if(data == NULL) {
            xmlSecInternalError2("xmlSecPtrListGetItem", NULL, "pos=%d", pos);
            if((res != NULL) && (res != nodes)) {
                xmlSecNodeSetDestroy(res);
            }
            return(NULL);
        }

        tmp = xmlSecXPathDataExecute(data, doc, hereNode);
        if(tmp == NULL) {
            xmlSecInternalError("xmlSecXPathDataExecute", NULL);
            if((res != NULL) && (res != nodes)) {
                xmlSecNodeSetDestroy(res);
            }
            return(NULL);
        }

        tmp2 = xmlSecNodeSetAdd(res, tmp, data->nodeSetOp);
        if(tmp2 == NULL) {
            xmlSecInternalError2("xmlSecNodeSetAdd", NULL,
                                 "nodeSetOp=%d", (int)data->nodeSetOp);
            if((res != NULL) && (res != nodes)) {
                xmlSecNodeSetDestroy(res);
            }
            xmlSecNodeSetDestroy(tmp);
            return(NULL);
        }
        res = tmp2;
    }

    return(res);
}
Exemple #16
0
static int
xmlSecTransformXPathInitialize(xmlSecTransformPtr transform) {
    xmlSecPtrListPtr dataList;
    int ret;

    xmlSecAssert2(xmlSecTransformXPathCheckId(transform), -1);

    dataList = xmlSecXPathTransformGetDataList(transform);
    xmlSecAssert2(dataList != NULL, -1);

    ret = xmlSecPtrListInitialize(dataList, xmlSecXPathDataListId);
    if(ret < 0) {
        xmlSecInternalError("xmlSecPtrListInitialize",
                            xmlSecTransformGetName(transform));
        return(-1);
    }
    return(0);
}
Exemple #17
0
static int
xmlSecTransformVisa3DHackExecute(xmlSecTransformPtr transform, int last,
                            xmlSecTransformCtxPtr transformCtx) {
    xmlChar** idPtr;
    xmlDocPtr doc;
    xmlAttrPtr attr;
    xmlNodeSetPtr nodeSet;

    xmlSecAssert2(xmlSecTransformVisa3DHackCheckId(transform), -1);
    xmlSecAssert2(transform->outNodes == NULL, -1);
    xmlSecAssert2(last != 0, -1);
    xmlSecAssert2(transformCtx != NULL, -1);

    idPtr = xmlSecVisa3DHackTransformGetIDPtr(transform);
    xmlSecAssert2(idPtr != NULL, -1);
    xmlSecAssert2((*idPtr) != NULL, -1);

    doc = (transform->inNodes != NULL) ? transform->inNodes->doc : transform->hereNode->doc;
    xmlSecAssert2(doc != NULL, -1);

    attr = xmlGetID(doc, (*idPtr));
    if((attr == NULL) || (attr->parent == NULL)) {
        xmlSecXmlError2("xmlGetID", xmlSecTransformGetName(transform),
                        "id=\"%s\"", xmlSecErrorsSafeString(*idPtr));
        return(-1);
    }

    nodeSet = xmlXPathNodeSetCreate(attr->parent);
    if(nodeSet == NULL) {
        xmlSecXmlError2("xmlXPathNodeSetCreate", xmlSecTransformGetName(transform),
                        "id=\"%s\"", xmlSecErrorsSafeString(*idPtr));
        return(-1);
    }

    transform->outNodes = xmlSecNodeSetCreate(doc, nodeSet, xmlSecNodeSetTreeWithoutComments);
    if(transform->outNodes == NULL) {
        xmlSecInternalError("xmlSecNodeSetCreate",
                            xmlSecTransformGetName(transform));
        xmlXPathFreeNodeSet(nodeSet);
        return(-1);
    }
    return(0);
}
Exemple #18
0
static int
xmlSecBase64Initialize(xmlSecTransformPtr transform) {
    xmlSecBase64CtxPtr ctx;
    int ret;

    xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformBase64Id), -1);

    ctx = xmlSecBase64GetCtx(transform);
    xmlSecAssert2(ctx != NULL, -1);

    transform->operation = xmlSecTransformOperationDecode;
    ret = xmlSecBase64CtxInitialize(ctx, 0, xmlSecBase64GetDefaultLineSize());
    if(ret < 0) {
        xmlSecInternalError("xmlSecBase64CtxInitialize",
                            xmlSecTransformGetName(transform));
        return(-1);
    }

    return(0);
}
Exemple #19
0
static int
xmlSecOpenSSLRsaOaepInitialize(xmlSecTransformPtr transform) {
    xmlSecOpenSSLRsaOaepCtxPtr ctx;
    int ret;

    xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaOaepId), -1);
    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLRsaOaepSize), -1);

    ctx = xmlSecOpenSSLRsaOaepGetCtx(transform);
    xmlSecAssert2(ctx != NULL, -1);

    memset(ctx, 0, sizeof(xmlSecOpenSSLRsaOaepCtx));

    ret = xmlSecBufferInitialize(&(ctx->oaepParams), 0);
    if(ret < 0) {
        xmlSecInternalError("xmlSecBufferInitialize",
                            xmlSecTransformGetName(transform));
        return(-1);
    }
    return(0);
}
Exemple #20
0
/**
 * xmlSecBase64CtxCreate:
 * @encode:             the encode/decode flag (1 - encode, 0 - decode)
 * @columns:            the max line length.
 *
 * Allocates and initializes new base64 context.
 *
 * Returns: a pointer to newly created #xmlSecBase64Ctx structure
 * or NULL if an error occurs.
 */
xmlSecBase64CtxPtr
xmlSecBase64CtxCreate(int encode, int columns) {
    xmlSecBase64CtxPtr ctx;
    int ret;

    /*
     * Allocate a new xmlSecBase64CtxPtr and fill the fields.
     */
    ctx = (xmlSecBase64CtxPtr) xmlMalloc(sizeof(xmlSecBase64Ctx));
    if (ctx == NULL) {
        xmlSecMallocError(sizeof(xmlSecBase64Ctx), NULL);
        return(NULL);
    }

    ret = xmlSecBase64CtxInitialize(ctx, encode, columns);
    if(ret < 0) {
        xmlSecInternalError("xmlSecBase64CtxInitialize", NULL);
        xmlSecBase64CtxDestroy(ctx);
        return(NULL);
    }
    return(ctx);
}
Exemple #21
0
static int
xmlSecOpenSSLRsaOaepExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
    xmlSecOpenSSLRsaOaepCtxPtr ctx;
    int ret;

    xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaOaepId), -1);
    xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLRsaOaepSize), -1);
    xmlSecAssert2(transformCtx != NULL, -1);

    ctx = xmlSecOpenSSLRsaOaepGetCtx(transform);
    xmlSecAssert2(ctx != NULL, -1);
    xmlSecAssert2(ctx->pKey != NULL, -1);

    if(transform->status == xmlSecTransformStatusNone) {
        transform->status = xmlSecTransformStatusWorking;
    }

    if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) {
        /* just do nothing */
    } else  if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
        ret = xmlSecOpenSSLRsaOaepProcess(transform, transformCtx);
        if(ret < 0) {
            xmlSecInternalError("xmlSecOpenSSLRsaOaepProcess",
                                xmlSecTransformGetName(transform));
            return(-1);
        }
        transform->status = xmlSecTransformStatusFinished;
    } else if(transform->status == xmlSecTransformStatusFinished) {
        /* the only way we can get here is if there is no input */
        xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
    } else {
        xmlSecInvalidTransfromStatusError(transform);
        return(-1);
    }
    return(0);
}
Exemple #22
0
static int
xmlSecXPathDataNodeRead(xmlSecXPathDataPtr data, xmlNodePtr node) {
    int ret;

    xmlSecAssert2(data != NULL, -1);
    xmlSecAssert2(data->expr == NULL, -1);
    xmlSecAssert2(data->ctx != NULL, -1);
    xmlSecAssert2(node != NULL, -1);

    ret = xmlSecXPathDataRegisterNamespaces (data, node);
    if(ret < 0) {
        xmlSecInternalError("xmlSecXPathDataRegisterNamespaces", NULL);
        return(-1);
    }

    /* read node content and set expr */
    data->expr = xmlNodeGetContent(node);
    if(data->expr == NULL) {
        xmlSecInvalidNodeContentError(node, NULL, "empty");
        return(-1);
    }

    return(0);
}
Exemple #23
0
static int
xmlSecMSCngSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
    xmlSecMSCngSignatureCtxPtr ctx;
    xmlSecSize inSize;
    xmlSecSize outSize;
    NTSTATUS status;
    DWORD cbData = 0;
    DWORD cbHashObject = 0;
    int ret;

    xmlSecAssert2(xmlSecMSCngSignatureCheckId(transform), -1);
    xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
    xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCngSignatureSize), -1);
    xmlSecAssert2(transformCtx != NULL, -1);

    ctx = xmlSecMSCngSignatureGetCtx(transform);
    xmlSecAssert2(ctx != NULL, -1);
    xmlSecAssert2(ctx->pszHashAlgId != NULL, -1);

    inSize = xmlSecBufferGetSize(&transform->inBuf);
    outSize = xmlSecBufferGetSize(&transform->outBuf);

    if(transform->status == xmlSecTransformStatusNone) {
        xmlSecAssert2(outSize == 0, -1);

        /* open an algorithm handle */
        status = BCryptOpenAlgorithmProvider(
            &ctx->hHashAlg,
            ctx->pszHashAlgId,
            NULL,
            0);
        if(status != STATUS_SUCCESS) {
            xmlSecMSCngNtError("BCryptOpenAlgorithmProvider",
                xmlSecTransformGetName(transform), status);
            return(-1);
        }

        /* calculate the size of the buffer to hold the hash object */
        status = BCryptGetProperty(
            ctx->hHashAlg,
            BCRYPT_OBJECT_LENGTH,
            (PBYTE)&cbHashObject,
            sizeof(DWORD),
            &cbData,
            0);
        if(status != STATUS_SUCCESS) {
            xmlSecMSCngNtError("BCryptGetProperty",
                xmlSecTransformGetName(transform), status);
            return(-1);
        }

        /* allocate the hash object on the heap */
        ctx->pbHashObject = (PBYTE)xmlMalloc(cbHashObject);
        if(ctx->pbHashObject == NULL) {
            xmlSecMallocError(cbHashObject, NULL);
            return(-1);
        }

        /* calculate the length of the hash */
        status = BCryptGetProperty(
            ctx->hHashAlg,
            BCRYPT_HASH_LENGTH,
            (PBYTE)&ctx->cbHash,
            sizeof(DWORD),
            &cbData,
            0);
        if(status != STATUS_SUCCESS) {
            xmlSecMSCngNtError("BCryptGetProperty",
                xmlSecTransformGetName(transform), status);
            return(-1);
        }

        /* allocate the hash buffer on the heap */
        ctx->pbHash = (PBYTE)xmlMalloc(ctx->cbHash);
        if(ctx->pbHash == NULL) {
            xmlSecMallocError(ctx->cbHash, NULL);
            return(-1);
        }

        /* create the hash */
        status = BCryptCreateHash(
            ctx->hHashAlg,
            &ctx->hHash,
            ctx->pbHashObject,
            cbHashObject,
            NULL,
            0,
            0);
        if(status != STATUS_SUCCESS) {
            xmlSecMSCngNtError("BCryptCreateHash",
                xmlSecTransformGetName(transform), status);
            return(-1);
        }

        transform->status = xmlSecTransformStatusWorking;
    }

    if((transform->status == xmlSecTransformStatusWorking)) {
        if(inSize > 0) {
            xmlSecAssert2(outSize == 0, -1);

            /* hash some data */
            status = BCryptHashData(
                ctx->hHash,
                (PBYTE)xmlSecBufferGetData(&transform->inBuf),
                inSize,
                0);
            if(status != STATUS_SUCCESS) {
                xmlSecMSCngNtError("BCryptHashData",
                    xmlSecTransformGetName(transform), status);
                return(-1);
            }

            ret = xmlSecBufferRemoveHead(&transform->inBuf, inSize);
            if(ret < 0) {
                xmlSecInternalError("xmlSecBufferRemoveHead",
                                     xmlSecTransformGetName(transform));
                return(-1);
            }
        }

        if(last != 0) {
            /* close the hash */
            status = BCryptFinishHash(
                ctx->hHash,
                ctx->pbHash,
                ctx->cbHash,
                0);
            if(status != STATUS_SUCCESS) {
                xmlSecMSCngNtError("BCryptFinishHash", xmlSecTransformGetName(transform), status);
                return(-1);
            }

            xmlSecAssert2(ctx->cbHash > 0, -1);

            if(transform->operation == xmlSecTransformOperationSign) {
                xmlSecNotImplementedError(NULL);
                return(-1);
            }
            transform->status = xmlSecTransformStatusFinished;
        }
    }

    if((transform->status == xmlSecTransformStatusWorking) ||
            (transform->status == xmlSecTransformStatusFinished)) {
        xmlSecAssert2(xmlSecBufferGetSize(&transform->inBuf) == 0, -1);
    } else {
        xmlSecInvalidTransfromStatusError(transform);
        return(-1);
    }

    return(0);
}
Exemple #24
0
static int
xmlSecTransformXPathNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
    xmlSecPtrListPtr dataList;
    xmlSecXPathDataPtr data;
    xmlNodePtr cur;
    xmlChar* tmp;
    int tmpSize;
    int ret;

    xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPathId), -1);
    xmlSecAssert2(node != NULL, -1);
    xmlSecAssert2(transformCtx != NULL, -1);

    dataList = xmlSecXPathTransformGetDataList(transform);
    xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1);
    xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1);

    /* there is only one required node */
    cur = xmlSecGetNextElementNode(node->children);
    if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeXPath, xmlSecDSigNs))) {
        xmlSecInvalidNodeError(cur, xmlSecNodeXPath,
                               xmlSecTransformGetName(transform));
        return(-1);
    }

    /* read information from the node */
    data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPath);
    if(data == NULL) {
        xmlSecInternalError("xmlSecXPathDataCreate",
                            xmlSecTransformGetName(transform));
        return(-1);
    }

    ret = xmlSecXPathDataNodeRead(data, cur);
    if(ret < 0) {
        xmlSecInternalError("xmlSecXPathDataNodeRead",
                            xmlSecTransformGetName(transform));
        xmlSecXPathDataDestroy(data);
        return(-1);
    }

    /* append it to the list */
    ret = xmlSecPtrListAdd(dataList, data);
    if(ret < 0) {
        xmlSecInternalError("xmlSecPtrListAdd",
                            xmlSecTransformGetName(transform));
        xmlSecXPathDataDestroy(data);
        return(-1);
    }

    /* create full XPath expression */
    xmlSecAssert2(data->expr != NULL, -1);
    tmpSize = xmlStrlen(data->expr) + strlen(xpathPattern) + 1;
    tmp = (xmlChar*) xmlMalloc(sizeof(xmlChar) * tmpSize);
    if(tmp == NULL) {
        xmlSecMallocError(sizeof(xmlChar) * tmpSize,
                          xmlSecTransformGetName(transform));
        return(-1);
    }
    ret = xmlStrPrintf(tmp, tmpSize, xpathPattern, (char*)data->expr);
    if(ret < 0) {
       xmlSecXmlError("xmlStrPrintf", xmlSecTransformGetName(transform));
       xmlFree(tmp);
       return(-1);
    }
    xmlFree(data->expr);
    data->expr = tmp;

    /* set correct node set type and operation */
    data->nodeSetOp     = xmlSecNodeSetIntersection;
    data->nodeSetType   = xmlSecNodeSetNormal;

    /* check that we have nothing else */
    cur = xmlSecGetNextElementNode(cur->next);
    if(cur != NULL) {
        xmlSecUnexpectedNodeError(cur, xmlSecTransformGetName(transform));
        return(-1);
    }
    return(0);
}
Exemple #25
0
static int
xmlSecTransformXPath2NodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
    xmlSecPtrListPtr dataList;
    xmlSecXPathDataPtr data;
    xmlNodePtr cur;
    xmlChar* op;
    int ret;

    xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPath2Id), -1);
    xmlSecAssert2(node != NULL, -1);
    xmlSecAssert2(transformCtx != NULL, -1);

    dataList = xmlSecXPathTransformGetDataList(transform);
    xmlSecAssert2(xmlSecPtrListCheckId(dataList, xmlSecXPathDataListId), -1);
    xmlSecAssert2(xmlSecPtrListGetSize(dataList) == 0, -1);

    /* There are only xpath nodes */
    cur = xmlSecGetNextElementNode(node->children);
    while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeXPath2, xmlSecXPath2Ns)) {
        /* read information from the node */
        data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPath2);
        if(data == NULL) {
            xmlSecInternalError("xmlSecXPathDataCreate",
                                xmlSecTransformGetName(transform));
            return(-1);
        }

        ret = xmlSecXPathDataNodeRead(data, cur);
        if(ret < 0) {
            xmlSecInternalError("xmlSecXPathDataNodeRead",
                                xmlSecTransformGetName(transform));
            xmlSecXPathDataDestroy(data);
            return(-1);
        }

        /* append it to the list */
        ret = xmlSecPtrListAdd(dataList, data);
        if(ret < 0) {
            xmlSecInternalError("xmlSecPtrListAdd",
                                xmlSecTransformGetName(transform));
            xmlSecXPathDataDestroy(data);
            return(-1);
        }

        /* set correct node set type and operation */
        data->nodeSetType = xmlSecNodeSetTree;
        op = xmlGetProp(cur, xmlSecAttrFilter);
        if(op == NULL) {
            xmlSecInvalidNodeAttributeError(cur, xmlSecAttrFilter,
                                            xmlSecTransformGetName(transform),
                                            "empty");
            return(-1);
        }
        if(xmlStrEqual(op, xmlSecXPath2FilterIntersect)) {
            data->nodeSetOp = xmlSecNodeSetIntersection;
        } else if(xmlStrEqual(op, xmlSecXPath2FilterSubtract)) {
            data->nodeSetOp = xmlSecNodeSetSubtraction;
        } else if(xmlStrEqual(op, xmlSecXPath2FilterUnion)) {
            data->nodeSetOp = xmlSecNodeSetUnion;
        } else {
            xmlSecInvalidNodeAttributeError(cur, xmlSecAttrFilter,
                                            xmlSecTransformGetName(transform),
                                            "unknown");
            xmlFree(op);
            return(-1);
        }
        xmlFree(op);

        cur = xmlSecGetNextElementNode(cur->next);
    }

    /* check that we have nothing else */
    if(cur != NULL) {
        xmlSecUnexpectedNodeError(cur, xmlSecTransformGetName(transform));
        return(-1);
    }
    return(0);
}
Exemple #26
0
static int
xmlSecBase64Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
    xmlSecBase64CtxPtr ctx;
    xmlSecBufferPtr in, out;
    xmlSecSize inSize, outSize, outLen;
    int ret;

    xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformBase64Id), -1);
    xmlSecAssert2((transform->operation == xmlSecTransformOperationEncode) || (transform->operation == xmlSecTransformOperationDecode), -1);
    xmlSecAssert2(transformCtx != NULL, -1);

    ctx = xmlSecBase64GetCtx(transform);
    xmlSecAssert2(ctx != NULL, -1);

    in = &(transform->inBuf);
    out = &(transform->outBuf);

    if(transform->status == xmlSecTransformStatusNone) {
        ctx->encode = (transform->operation == xmlSecTransformOperationEncode) ? 1 : 0;
        transform->status = xmlSecTransformStatusWorking;
    }

    switch(transform->status) {
        case xmlSecTransformStatusWorking:
            inSize = xmlSecBufferGetSize(in);
            outSize = xmlSecBufferGetSize(out);
            if(inSize > 0) {
                if(ctx->encode != 0) {
                    outLen = 4 * inSize / 3 + 8;
                    if(ctx->columns > 0) {
                        outLen += inSize / ctx->columns + 4;
                    }
                } else {
                    outLen = 3 * inSize / 4 + 8;
                }
                ret = xmlSecBufferSetMaxSize(out, outSize + outLen);
                if(ret < 0) {
                    xmlSecInternalError2("xmlSecBufferSetMaxSize",
                                         xmlSecTransformGetName(transform),
                                         "size=%d", outSize + outLen);
                    return(-1);
                }

                /* encode/decode the next chunk */
                ret = xmlSecBase64CtxUpdate(ctx, xmlSecBufferGetData(in), inSize,
                                            xmlSecBufferGetData(out) + outSize,
                                            outLen);
                if(ret < 0) {
                    xmlSecInternalError("xmlSecBase64CtxUpdate",
                                        xmlSecTransformGetName(transform));
                    return(-1);
                }
                outLen = ret;

                /* set correct size */
                ret = xmlSecBufferSetSize(out, outSize + outLen);
                if(ret < 0) {
                    xmlSecInternalError2("xmlSecBufferSetSize",
                                         xmlSecTransformGetName(transform),
                                         "size=%d", outSize + outLen);
                    return(-1);
                }

                /* remove chunk from input */
                ret = xmlSecBufferRemoveHead(in, inSize);
                if(ret < 0) {
                    xmlSecInternalError2("xmlSecBufferRemoveHead",
                                         xmlSecTransformGetName(transform),
                                         "size=%d", inSize);
                    return(-1);
                }
            }

            if(last) {
                outSize = xmlSecBufferGetSize(out);

                ret = xmlSecBufferSetMaxSize(out, outSize + 16);
                if(ret < 0) {
                    xmlSecInternalError2("xmlSecBufferSetMaxSize",
                                         xmlSecTransformGetName(transform),
                                         "size=%d", outSize + 16);
                    return(-1);
                }

                /* add from ctx buffer */
                ret = xmlSecBase64CtxFinal(ctx, xmlSecBufferGetData(out) + outSize, 16);
                if(ret < 0) {
                    xmlSecInternalError("xmlSecBase64CtxFinal",
                                        xmlSecTransformGetName(transform));
                    return(-1);
                }
                outLen = ret;

                /* set correct size */
                ret = xmlSecBufferSetSize(out, outSize + outLen);
                if(ret < 0) {
                    xmlSecInternalError2("xmlSecBufferSetSize",
                                         xmlSecTransformGetName(transform),
                                         "size=%d", outSize + outLen);
                    return(-1);
                }
                transform->status = xmlSecTransformStatusFinished;
            }
            break;
        case xmlSecTransformStatusFinished:
            /* the only way we can get here is if there is no input */
            xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1);
            break;
        default:
            xmlSecInvalidTransfromStatusError(transform);
            return(-1);
    }
    return(0);
}