static void
xmlSecOpenSSLHmacFinalize(xmlSecTransformPtr transform) {
xmlSecOpenSSLHmacCtxPtr ctx;
xmlSecAssert(xmlSecOpenSSLHmacCheckId(transform));
xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecOpenSSLHmacSize));
ctx = xmlSecOpenSSLHmacGetCtx(transform);
xmlSecAssert(ctx != NULL);
#ifndef XMLSEC_OPENSSL_096
HMAC_CTX_cleanup(&(ctx->hmacCtx));
#endif /* XMLSEC_OPENSSL_096 */
memset(ctx, 0, sizeof(xmlSecOpenSSLHmacCtx));
}
static void
xmlSecOpenSSLHmacFinalize(xmlSecTransformPtr transform) {
xmlSecOpenSSLHmacCtxPtr ctx;
xmlSecAssert(xmlSecOpenSSLHmacCheckId(transform));
xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecOpenSSLHmacSize));
ctx = xmlSecOpenSSLHmacGetCtx(transform);
xmlSecAssert(ctx != NULL);
if(ctx->hmacCtx != NULL) {
HMAC_CTX_free(ctx->hmacCtx);
}
memset(ctx, 0, sizeof(xmlSecOpenSSLHmacCtx));
}
static int
xmlSecOpenSSLHmacSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
xmlSecAssert2(xmlSecOpenSSLHmacCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLHmacSize), -1);
xmlSecAssert2(keyReq != NULL, -1);
keyReq->keyId = xmlSecOpenSSLKeyDataHmacId;
keyReq->keyType = xmlSecKeyDataTypeSymmetric;
if(transform->operation == xmlSecTransformOperationSign) {
keyReq->keyUsage = xmlSecKeyUsageSign;
} else {
keyReq->keyUsage = xmlSecKeyUsageVerify;
}
return(0);
}
static int
xmlSecOpenSSLHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
xmlSecOpenSSLHmacCtxPtr ctx;
xmlSecKeyDataPtr value;
xmlSecBufferPtr buffer;
int ret;
xmlSecAssert2(xmlSecOpenSSLHmacCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLHmacSize), -1);
xmlSecAssert2(key != NULL, -1);
ctx = xmlSecOpenSSLHmacGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->hmacCtx != NULL, -1);
xmlSecAssert2(ctx->hmacDgst != NULL, -1);
xmlSecAssert2(ctx->ctxInitialized == 0, -1);
value = xmlSecKeyGetValue(key);
xmlSecAssert2(xmlSecKeyDataCheckId(value, xmlSecOpenSSLKeyDataHmacId), -1);
buffer = xmlSecKeyDataBinaryValueGetBuffer(value);
xmlSecAssert2(buffer != NULL, -1);
if(xmlSecBufferGetSize(buffer) == 0) {
xmlSecInvalidZeroKeyDataSizeError(xmlSecTransformGetName(transform));
return(-1);
}
xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1);
ret = HMAC_Init_ex(ctx->hmacCtx,
xmlSecBufferGetData(buffer),
xmlSecBufferGetSize(buffer),
ctx->hmacDgst,
NULL);
if(ret != 1) {
xmlSecOpenSSLError("HMAC_Init_ex",
xmlSecTransformGetName(transform));
return(-1);
}
ctx->ctxInitialized = 1;
return(0);
}
static int
xmlSecOpenSSLHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
xmlSecOpenSSLHmacCtxPtr ctx;
xmlNodePtr cur;
xmlSecAssert2(xmlSecOpenSSLHmacCheckId(transform), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLHmacSize), -1);
xmlSecAssert2(node!= NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
ctx = xmlSecOpenSSLHmacGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
cur = xmlSecGetNextElementNode(node->children);
if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHMACOutputLength, xmlSecDSigNs)) {
xmlChar *content;
content = xmlNodeGetContent(cur);
if(content != NULL) {
ctx->dgstSize = atoi((char*)content);
xmlFree(content);
}
/* Ensure that HMAC length is greater than min specified.
Otherwise, an attacker can set this length to 0 or very
small value
*/
if((int)ctx->dgstSize < xmlSecOpenSSLHmacGetMinOutputLength()) {
xmlSecInvalidNodeContentError(cur, xmlSecTransformGetName(transform),
"HMAC output length is too small");
return(-1);
}
cur = xmlSecGetNextElementNode(cur->next);
}
if(cur != NULL) {
xmlSecUnexpectedNodeError(cur, xmlSecTransformGetName(transform));
return(-1);
}
return(0);
}
static int
xmlSecOpenSSLHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
xmlSecOpenSSLHmacCtxPtr ctx;
xmlSecKeyDataPtr value;
xmlSecBufferPtr buffer;
xmlSecAssert2(xmlSecOpenSSLHmacCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLHmacSize), -1);
xmlSecAssert2(key != NULL, -1);
ctx = xmlSecOpenSSLHmacGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->hmacDgst != NULL, -1);
xmlSecAssert2(ctx->ctxInitialized == 0, -1);
value = xmlSecKeyGetValue(key);
xmlSecAssert2(xmlSecKeyDataCheckId(value, xmlSecOpenSSLKeyDataHmacId), -1);
buffer = xmlSecKeyDataBinaryValueGetBuffer(value);
xmlSecAssert2(buffer != NULL, -1);
if(xmlSecBufferGetSize(buffer) == 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
"keySize=0");
return(-1);
}
xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1);
HMAC_Init(&(ctx->hmacCtx),
xmlSecBufferGetData(buffer),
xmlSecBufferGetSize(buffer),
ctx->hmacDgst);
ctx->ctxInitialized = 1;
return(0);
}
static int
xmlSecOpenSSLHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
xmlSecOpenSSLHmacCtxPtr ctx;
xmlNodePtr cur;
xmlSecAssert2(xmlSecOpenSSLHmacCheckId(transform), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLHmacSize), -1);
xmlSecAssert2(node!= NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
ctx = xmlSecOpenSSLHmacGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
cur = xmlSecGetNextElementNode(node->children);
if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHMACOutputLength, xmlSecDSigNs)) {
xmlChar *content;
content = xmlNodeGetContent(cur);
if(content != NULL) {
ctx->dgstSize = atoi((char*)content);
xmlFree(content);
}
/* todo: error if dgstSize == 0 ?*/
cur = xmlSecGetNextElementNode(cur->next);
}
if(cur != NULL) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
xmlSecErrorsSafeString(xmlSecNodeGetName(cur)),
XMLSEC_ERRORS_R_UNEXPECTED_NODE,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
return(0);
}
static int
xmlSecOpenSSLHmacInitialize(xmlSecTransformPtr transform) {
xmlSecOpenSSLHmacCtxPtr ctx;
xmlSecAssert2(xmlSecOpenSSLHmacCheckId(transform), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLHmacSize), -1);
ctx = xmlSecOpenSSLHmacGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
/* initialize context */
memset(ctx, 0, sizeof(xmlSecOpenSSLHmacCtx));
#ifndef XMLSEC_NO_SHA1
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformHmacSha1Id)) {
ctx->hmacDgst = EVP_sha1();
} else
#endif /* XMLSEC_NO_SHA1 */
#ifndef XMLSEC_NO_SHA224
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformHmacSha224Id)) {
ctx->hmacDgst = EVP_sha224();
} else
#endif /* XMLSEC_NO_SHA224 */
#ifndef XMLSEC_NO_SHA256
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformHmacSha256Id)) {
ctx->hmacDgst = EVP_sha256();
} else
#endif /* XMLSEC_NO_SHA256 */
#ifndef XMLSEC_NO_SHA384
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformHmacSha384Id)) {
ctx->hmacDgst = EVP_sha384();
} else
#endif /* XMLSEC_NO_SHA384 */
#ifndef XMLSEC_NO_SHA512
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformHmacSha512Id)) {
ctx->hmacDgst = EVP_sha512();
} else
#endif /* XMLSEC_NO_SHA512 */
#ifndef XMLSEC_NO_RIPEMD160
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformHmacRipemd160Id)) {
ctx->hmacDgst = EVP_ripemd160();
} else
#endif /* XMLSEC_NO_RIPEMD160 */
#ifndef XMLSEC_NO_MD5
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformHmacMd5Id)) {
ctx->hmacDgst = EVP_md5();
} else
#endif /* XMLSEC_NO_MD5 */
{
xmlSecInvalidTransfromError(transform)
return(-1);
}
/* create hmac CTX */
ctx->hmacCtx = HMAC_CTX_new();
if(ctx->hmacCtx == NULL) {
xmlSecOpenSSLError("HMAC_CTX_new",
xmlSecTransformGetName(transform));
return(-1);
}
/* done */
return(0);
}
static int
xmlSecOpenSSLHmacInitialize(xmlSecTransformPtr transform) {
xmlSecOpenSSLHmacCtxPtr ctx;
xmlSecAssert2(xmlSecOpenSSLHmacCheckId(transform), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLHmacSize), -1);
ctx = xmlSecOpenSSLHmacGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
/* initialize context */
memset(ctx, 0, sizeof(xmlSecOpenSSLHmacCtx));
#ifndef XMLSEC_NO_SHA1
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformHmacSha1Id)) {
ctx->hmacDgst = EVP_sha1();
} else
#endif /* XMLSEC_NO_SHA1 */
#ifndef XMLSEC_NO_SHA224
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformHmacSha224Id)) {
ctx->hmacDgst = EVP_sha224();
} else
#endif /* XMLSEC_NO_SHA224 */
#ifndef XMLSEC_NO_SHA256
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformHmacSha256Id)) {
ctx->hmacDgst = EVP_sha256();
} else
#endif /* XMLSEC_NO_SHA256 */
#ifndef XMLSEC_NO_SHA384
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformHmacSha384Id)) {
ctx->hmacDgst = EVP_sha384();
} else
#endif /* XMLSEC_NO_SHA384 */
#ifndef XMLSEC_NO_SHA512
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformHmacSha512Id)) {
ctx->hmacDgst = EVP_sha512();
} else
#endif /* XMLSEC_NO_SHA512 */
#ifndef XMLSEC_NO_RIPEMD160
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformHmacRipemd160Id)) {
ctx->hmacDgst = EVP_ripemd160();
} else
#endif /* XMLSEC_NO_RIPEMD160 */
#ifndef XMLSEC_NO_MD5
if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformHmacMd5Id)) {
ctx->hmacDgst = EVP_md5();
} else
#endif /* XMLSEC_NO_MD5 */
{
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_INVALID_TRANSFORM,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
#ifndef XMLSEC_OPENSSL_096
HMAC_CTX_init(&(ctx->hmacCtx));
#endif /* XMLSEC_OPENSSL_096 */
return(0);
}
