static void
xmlSecOpenSSLEvpDigestFinalize(xmlSecTransformPtr transform) {
xmlSecOpenSSLDigestCtxPtr ctx;
xmlSecAssert(xmlSecOpenSSLEvpDigestCheckId(transform));
xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpDigestSize));
ctx = xmlSecOpenSSLEvpDigestGetCtx(transform);
xmlSecAssert(ctx != NULL);
#ifndef XMLSEC_OPENSSL_096
EVP_MD_CTX_cleanup(&(ctx->digestCtx));
#endif /* XMLSEC_OPENSSL_096 */
memset(ctx, 0, sizeof(xmlSecOpenSSLDigestCtx));
}
static void
xmlSecGCryptDigestFinalize(xmlSecTransformPtr transform) {
xmlSecGCryptDigestCtxPtr ctx;
xmlSecAssert(xmlSecGCryptDigestCheckId(transform));
xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecGCryptDigestSize));
ctx = xmlSecGCryptDigestGetCtx(transform);
xmlSecAssert(ctx != NULL);
if(ctx->digestCtx != NULL) {
gcry_md_close(ctx->digestCtx);
}
memset(ctx, 0, sizeof(xmlSecGCryptDigestCtx));
}
static void
xmlSecOpenSSLRsaPkcs1Finalize(xmlSecTransformPtr transform) {
xmlSecOpenSSLRsaPkcs1CtxPtr ctx;
xmlSecAssert(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaPkcs1Id));
xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecOpenSSLRsaPkcs1Size));
ctx = xmlSecOpenSSLRsaPkcs1GetCtx(transform);
xmlSecAssert(ctx != NULL);
if(ctx->pKey != NULL) {
EVP_PKEY_free(ctx->pKey);
}
memset(ctx, 0, sizeof(xmlSecOpenSSLRsaPkcs1Ctx));
}
static void
xmlSecOpenSSLHmacFinalize(xmlSecTransformPtr transform) {
xmlSecOpenSSLHmacCtxPtr ctx;
xmlSecAssert(xmlSecOpenSSLHmacCheckId(transform));
xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecOpenSSLHmacSize));
ctx = xmlSecOpenSSLHmacGetCtx(transform);
xmlSecAssert(ctx != NULL);
#ifndef XMLSEC_OPENSSL_096
HMAC_CTX_cleanup(&(ctx->hmacCtx));
#endif /* XMLSEC_OPENSSL_096 */
memset(ctx, 0, sizeof(xmlSecOpenSSLHmacCtx));
}
static void
xmlSecOpenSSLHmacFinalize(xmlSecTransformPtr transform) {
xmlSecOpenSSLHmacCtxPtr ctx;
xmlSecAssert(xmlSecOpenSSLHmacCheckId(transform));
xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecOpenSSLHmacSize));
ctx = xmlSecOpenSSLHmacGetCtx(transform);
xmlSecAssert(ctx != NULL);
if(ctx->hmacCtx != NULL) {
HMAC_CTX_free(ctx->hmacCtx);
}
memset(ctx, 0, sizeof(xmlSecOpenSSLHmacCtx));
}
static void
xmlSecRelationshipFinalize(xmlSecTransformPtr transform) {
xmlSecRelationshipCtxPtr ctx;
xmlSecAssert(xmlSecTransformCheckId(transform, xmlSecTransformRelationshipId));
xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecRelationshipSize));
ctx = xmlSecRelationshipGetCtx(transform);
xmlSecAssert(ctx != NULL);
if(ctx->sourceIdList != NULL) {
xmlSecPtrListDestroy(ctx->sourceIdList);
}
memset(ctx, 0, sizeof(xmlSecRelationshipCtx));
}
static void
xmlSecOpenSSLRsaOaepFinalize(xmlSecTransformPtr transform) {
xmlSecOpenSSLRsaOaepCtxPtr ctx;
xmlSecAssert(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaOaepId));
xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecOpenSSLRsaOaepSize));
ctx = xmlSecOpenSSLRsaOaepGetCtx(transform);
xmlSecAssert(ctx != NULL);
if(ctx->pKey != NULL) {
EVP_PKEY_free(ctx->pKey);
}
xmlSecBufferFinalize(&(ctx->oaepParams));
memset(ctx, 0, sizeof(xmlSecOpenSSLRsaOaepCtx));
}
static int
xmlSecMSCryptoHmacSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
xmlSecAssert2(xmlSecMSCryptoHmacCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoHmacSize), -1);
xmlSecAssert2(keyReq != NULL, -1);
keyReq->keyId = xmlSecMSCryptoKeyDataHmacId;
keyReq->keyType = xmlSecKeyDataTypeSymmetric;
if(transform->operation == xmlSecTransformOperationSign) {
keyReq->keyUsage = xmlSecKeyUsageSign;
} else {
keyReq->keyUsage = xmlSecKeyUsageVerify;
}
return(0);
}
static int
xmlSecRelationshipReadNode(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
xmlSecRelationshipCtxPtr ctx;
xmlNodePtr cur;
int ret;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformRelationshipId), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecRelationshipSize), -1);
xmlSecAssert2(node != NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
ctx = xmlSecRelationshipGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
cur = node->children;
while(cur != NULL) {
if(xmlSecCheckNodeName(cur, xmlSecNodeRelationshipReference, xmlSecRelationshipReferenceNs)) {
xmlChar* sourceId;
sourceId = xmlGetProp(cur, xmlSecRelationshipAttrSourceId);
if(sourceId == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
"xmlGetProp",
xmlSecErrorsSafeString(xmlSecRelationshipAttrSourceId),
XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE,
"node=%s",
xmlSecErrorsSafeString(xmlSecNodeGetName(node)));
return(-1);
}
ret = xmlSecPtrListAdd(ctx->sourceIdList, sourceId);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecPtrListAdd",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
xmlFree(sourceId);
return(-1);
}
}
cur = cur->next;
}
return(0);
}
static void
xmlSecMSCryptoRsaPkcs1Finalize(xmlSecTransformPtr transform) {
xmlSecMSCryptoRsaPkcs1CtxPtr ctx;
xmlSecAssert(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaPkcs1Id));
xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1Size));
ctx = xmlSecMSCryptoRsaPkcs1GetCtx(transform);
xmlSecAssert(ctx != NULL);
if (ctx->data != NULL) {
xmlSecKeyDataDestroy(ctx->data);
ctx->data = NULL;
}
memset(ctx, 0, sizeof(xmlSecMSCryptoRsaPkcs1Ctx));
}
static int
xmlSecOpenSSLEvpSignatureSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
xmlSecOpenSSLEvpSignatureCtxPtr ctx;
xmlSecKeyDataPtr value;
EVP_PKEY* pKey;
xmlSecAssert2(xmlSecOpenSSLEvpSignatureCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpSignatureSize), -1);
xmlSecAssert2(key != NULL, -1);
ctx = xmlSecOpenSSLEvpSignatureGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->digest != NULL, -1);
xmlSecAssert2(ctx->keyId != NULL, -1);
xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1);
value = xmlSecKeyGetValue(key);
xmlSecAssert2(value != NULL, -1);
pKey = xmlSecOpenSSLEvpKeyDataGetEvp(value);
if(pKey == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecOpenSSLEvpKeyDataGetEvp",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
if(ctx->pKey != NULL) {
EVP_PKEY_free(ctx->pKey);
}
ctx->pKey = xmlSecOpenSSLEvpKeyDup(pKey);
if(ctx->pKey == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecOpenSSLEvpKeyDup",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
return(0);
}
static int
xmlSecOpenSSLHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
xmlSecOpenSSLHmacCtxPtr ctx;
xmlSecKeyDataPtr value;
xmlSecBufferPtr buffer;
int ret;
xmlSecAssert2(xmlSecOpenSSLHmacCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLHmacSize), -1);
xmlSecAssert2(key != NULL, -1);
ctx = xmlSecOpenSSLHmacGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->hmacCtx != NULL, -1);
xmlSecAssert2(ctx->hmacDgst != NULL, -1);
xmlSecAssert2(ctx->ctxInitialized == 0, -1);
value = xmlSecKeyGetValue(key);
xmlSecAssert2(xmlSecKeyDataCheckId(value, xmlSecOpenSSLKeyDataHmacId), -1);
buffer = xmlSecKeyDataBinaryValueGetBuffer(value);
xmlSecAssert2(buffer != NULL, -1);
if(xmlSecBufferGetSize(buffer) == 0) {
xmlSecInvalidZeroKeyDataSizeError(xmlSecTransformGetName(transform));
return(-1);
}
xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1);
ret = HMAC_Init_ex(ctx->hmacCtx,
xmlSecBufferGetData(buffer),
xmlSecBufferGetSize(buffer),
ctx->hmacDgst,
NULL);
if(ret != 1) {
xmlSecOpenSSLError("HMAC_Init_ex",
xmlSecTransformGetName(transform));
return(-1);
}
ctx->ctxInitialized = 1;
return(0);
}
static int
xmlSecGCryptKWAesInitialize(xmlSecTransformPtr transform) {
xmlSecGCryptKWAesCtxPtr ctx;
int ret;
xmlSecAssert2(xmlSecGCryptKWAesCheckId(transform), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptKWAesSize), -1);
ctx = xmlSecGCryptKWAesGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformKWAes128Id)) {
ctx->cipher = GCRY_CIPHER_AES128;
ctx->keyExpectedSize = XMLSEC_KW_AES128_KEY_SIZE;
} else if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformKWAes192Id)) {
ctx->cipher = GCRY_CIPHER_AES192;
ctx->keyExpectedSize = XMLSEC_KW_AES192_KEY_SIZE;
} else if(xmlSecTransformCheckId(transform, xmlSecGCryptTransformKWAes256Id)) {
ctx->cipher = GCRY_CIPHER_AES256;
ctx->keyExpectedSize = XMLSEC_KW_AES256_KEY_SIZE;
} else {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_INVALID_TRANSFORM,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
ctx->mode = GCRY_CIPHER_MODE_CBC;
ctx->flags = GCRY_CIPHER_SECURE; /* we are paranoid */
ctx->blockSize = gcry_cipher_get_algo_blklen(ctx->cipher);
xmlSecAssert2(ctx->blockSize > 0, -1);
ret = xmlSecBufferInitialize(&(ctx->keyBuffer), 0);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecGCryptKWAesGetKey",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
return(0);
}
static int
xmlSecGCryptKWAesSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
xmlSecGCryptKWAesCtxPtr ctx;
xmlSecBufferPtr buffer;
xmlSecSize keySize;
int ret;
xmlSecAssert2(xmlSecGCryptKWAesCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptKWAesSize), -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecGCryptKeyDataAesId), -1);
ctx = xmlSecGCryptKWAesGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
xmlSecAssert2(buffer != NULL, -1);
keySize = xmlSecBufferGetSize(buffer);
if(keySize < ctx->keyExpectedSize) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
"key=%d;expected=%d",
keySize, ctx->keyExpectedSize);
return(-1);
}
ret = xmlSecBufferSetData(&(ctx->keyBuffer),
xmlSecBufferGetData(buffer),
ctx->keyExpectedSize);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecBufferSetData",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"expected-size=%d",
ctx->keyExpectedSize);
return(-1);
}
return(0);
}
static void xmlSecMSCryptoDigestFinalize(xmlSecTransformPtr transform) {
xmlSecMSCryptoDigestCtxPtr ctx;
xmlSecAssert(xmlSecMSCryptoDigestCheckId(transform));
xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecMSCryptoDigestSize));
ctx = xmlSecMSCryptoDigestGetCtx(transform);
xmlSecAssert(ctx != NULL);
if(ctx->mscHash != 0) {
CryptDestroyHash(ctx->mscHash);
}
if(ctx->provider != 0) {
CryptReleaseContext(ctx->provider, 0);
}
memset(ctx, 0, sizeof(xmlSecMSCryptoDigestCtx));
}
static int
xmlSecNssKWAesSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
xmlSecAssert2(xmlSecNssKWAesCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKWAesSize), -1);
xmlSecAssert2(keyReq != NULL, -1);
keyReq->keyId = xmlSecNssKeyDataAesId;
keyReq->keyType = xmlSecKeyDataTypeSymmetric;
if(transform->operation == xmlSecTransformOperationEncrypt) {
keyReq->keyUsage = xmlSecKeyUsageEncrypt;
} else {
keyReq->keyUsage = xmlSecKeyUsageDecrypt;
}
keyReq->keyBitsSize = 8 * xmlSecNssKWAesGetKeySize(transform);
return(0);
}
static int
xmlSecOpenSSLRsaOaepExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) {
xmlSecOpenSSLRsaOaepCtxPtr ctx;
int ret;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaOaepId), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLRsaOaepSize), -1);
xmlSecAssert2(transformCtx != NULL, -1);
ctx = xmlSecOpenSSLRsaOaepGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->pKey != NULL, -1);
if(transform->status == xmlSecTransformStatusNone) {
transform->status = xmlSecTransformStatusWorking;
}
if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) {
/* just do nothing */
} else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
ret = xmlSecOpenSSLRsaOaepProcess(transform, transformCtx);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecOpenSSLRsaOaepProcess",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
transform->status = xmlSecTransformStatusFinished;
} else if(transform->status == xmlSecTransformStatusFinished) {
/* the only way we can get here is if there is no input */
xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1);
} else {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_INVALID_STATUS,
"status=%d", transform->status);
return(-1);
}
return(0);
}
static int
xmlSecGCryptHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
xmlSecGCryptHmacCtxPtr ctx;
xmlSecKeyDataPtr value;
xmlSecBufferPtr buffer;
gcry_error_t err;
xmlSecAssert2(xmlSecGCryptHmacCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecGCryptHmacSize), -1);
xmlSecAssert2(key != NULL, -1);
ctx = xmlSecGCryptHmacGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->digestCtx != NULL, -1);
value = xmlSecKeyGetValue(key);
xmlSecAssert2(xmlSecKeyDataCheckId(value, xmlSecGCryptKeyDataHmacId), -1);
buffer = xmlSecKeyDataBinaryValueGetBuffer(value);
xmlSecAssert2(buffer != NULL, -1);
if(xmlSecBufferGetSize(buffer) == 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
"key is empty");
return(-1);
}
err = gcry_md_setkey(ctx->digestCtx, xmlSecBufferGetData(buffer),
xmlSecBufferGetSize(buffer));
if(err != GPG_ERR_NO_ERROR) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"gcry_md_setkey",
XMLSEC_ERRORS_R_CRYPTO_FAILED,
XMLSEC_GCRYPT_REPORT_ERROR(err));
return(-1);
}
return(0);
}
static int
xmlSecNssKWAesInitialize(xmlSecTransformPtr transform) {
int ret;
xmlSecAssert2(xmlSecNssKWAesCheckId(transform), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKWAesSize), -1);
ret = xmlSecBufferInitialize(xmlSecNssKWAesGetKey(transform), 0);
if(ret < 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecBufferInitialize",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
return(0);
}
static void
xmlSecOpenSSLEvpSignatureFinalize(xmlSecTransformPtr transform) {
xmlSecOpenSSLEvpSignatureCtxPtr ctx;
xmlSecAssert(xmlSecOpenSSLEvpSignatureCheckId(transform));
xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecOpenSSLEvpSignatureSize));
ctx = xmlSecOpenSSLEvpSignatureGetCtx(transform);
xmlSecAssert(ctx != NULL);
if(ctx->pKey != NULL) {
EVP_PKEY_free(ctx->pKey);
}
#ifndef XMLSEC_OPENSSL_096
EVP_MD_CTX_cleanup(&(ctx->digestCtx));
#endif /* XMLSEC_OPENSSL_096 */
memset(ctx, 0, sizeof(xmlSecOpenSSLEvpSignatureCtx));
}
static int
xmlSecMSCryptoKWDes3SetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
xmlSecMSCryptoKWDes3CtxPtr ctx;
xmlSecBufferPtr buffer;
xmlSecSize keySize;
int ret;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformKWDes3Id), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoKWDes3Size), -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecMSCryptoKeyDataDesId), -1);
ctx = xmlSecMSCryptoKWDes3GetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key));
xmlSecAssert2(buffer != NULL, -1);
keySize = xmlSecBufferGetSize(buffer);
if(keySize < XMLSEC_KW_DES3_KEY_LENGTH) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
"key length %d is not enough (%d expected)",
keySize, XMLSEC_KW_DES3_KEY_LENGTH);
return(-1);
}
ret = xmlSecBufferSetData(&(ctx->keyBuffer), xmlSecBufferGetData(buffer), XMLSEC_KW_DES3_KEY_LENGTH);
if(ret < 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecBufferSetData",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
"size=%d", XMLSEC_KW_DES3_KEY_LENGTH);
return(-1);
}
return(0);
}
static int
xmlSecOpenSSLHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) {
xmlSecOpenSSLHmacCtxPtr ctx;
xmlNodePtr cur;
xmlSecAssert2(xmlSecOpenSSLHmacCheckId(transform), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLHmacSize), -1);
xmlSecAssert2(node!= NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
ctx = xmlSecOpenSSLHmacGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
cur = xmlSecGetNextElementNode(node->children);
if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHMACOutputLength, xmlSecDSigNs)) {
xmlChar *content;
content = xmlNodeGetContent(cur);
if(content != NULL) {
ctx->dgstSize = atoi((char*)content);
xmlFree(content);
}
/* Ensure that HMAC length is greater than min specified.
Otherwise, an attacker can set this length to 0 or very
small value
*/
if((int)ctx->dgstSize < xmlSecOpenSSLHmacGetMinOutputLength()) {
xmlSecInvalidNodeContentError(cur, xmlSecTransformGetName(transform),
"HMAC output length is too small");
return(-1);
}
cur = xmlSecGetNextElementNode(cur->next);
}
if(cur != NULL) {
xmlSecUnexpectedNodeError(cur, xmlSecTransformGetName(transform));
return(-1);
}
return(0);
}
static int
xmlSecMSCryptoDigestVerify(xmlSecTransformPtr transform,
const xmlSecByte* data,
xmlSecSize dataSize,
xmlSecTransformCtxPtr transformCtx) {
xmlSecMSCryptoDigestCtxPtr ctx;
xmlSecAssert2(xmlSecMSCryptoDigestCheckId(transform), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoDigestSize), -1);
xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1);
xmlSecAssert2(transform->status == xmlSecTransformStatusFinished, -1);
xmlSecAssert2(data != NULL, -1);
xmlSecAssert2(transformCtx != NULL, -1);
ctx = xmlSecMSCryptoDigestGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->dgstSize > 0, -1);
if(dataSize != ctx->dgstSize) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_INVALID_SIZE,
"data_size=%d;dgst_size=%d",
dataSize, ctx->dgstSize);
transform->status = xmlSecTransformStatusFail;
return(0);
}
if(memcmp(ctx->dgst, data, ctx->dgstSize) != 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_INVALID_DATA,
"data and digest do not match");
transform->status = xmlSecTransformStatusFail;
return(0);
}
transform->status = xmlSecTransformStatusOk;
return(0);
}
static void
xmlSecMSCryptoKWAesFinalize(xmlSecTransformPtr transform) {
xmlSecMSCryptoKWAesCtxPtr ctx;
xmlSecAssert(xmlSecMSCryptoKWAesCheckId(transform));
xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecMSCryptoKWAesSize));
ctx = xmlSecMSCryptoKWAesGetCtx(transform);
xmlSecAssert(ctx != NULL);
if (ctx->pubPrivKey) {
CryptDestroyKey(ctx->pubPrivKey);
}
if (ctx->cryptProvider) {
CryptReleaseContext(ctx->cryptProvider, 0);
}
xmlSecBufferFinalize(&ctx->keyBuffer);
memset(ctx, 0, sizeof(xmlSecMSCryptoKWAesCtx));
}
static int
xmlSecOpenSSLRsaOaepInitialize(xmlSecTransformPtr transform) {
xmlSecOpenSSLRsaOaepCtxPtr ctx;
int ret;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaOaepId), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLRsaOaepSize), -1);
ctx = xmlSecOpenSSLRsaOaepGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
memset(ctx, 0, sizeof(xmlSecOpenSSLRsaOaepCtx));
ret = xmlSecBufferInitialize(&(ctx->oaepParams), 0);
if(ret < 0) {
xmlSecInternalError("xmlSecBufferInitialize",
xmlSecTransformGetName(transform));
return(-1);
}
return(0);
}
static int
xmlSecMSCryptoRsaPkcs1SetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
xmlSecMSCryptoRsaPkcs1CtxPtr ctx;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformRsaPkcs1Id), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoRsaPkcs1Size), -1);
xmlSecAssert2(keyReq != NULL, -1);
ctx = xmlSecMSCryptoRsaPkcs1GetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
keyReq->keyId = xmlSecMSCryptoKeyDataRsaId;
if(transform->operation == xmlSecTransformOperationEncrypt) {
keyReq->keyType = xmlSecKeyDataTypePublic;
keyReq->keyUsage = xmlSecKeyUsageEncrypt;
} else {
keyReq->keyType = xmlSecKeyDataTypePrivate;
keyReq->keyUsage = xmlSecKeyUsageDecrypt;
}
return(0);
}
static int
xmlSecOpenSSLHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
xmlSecOpenSSLHmacCtxPtr ctx;
xmlSecKeyDataPtr value;
xmlSecBufferPtr buffer;
xmlSecAssert2(xmlSecOpenSSLHmacCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLHmacSize), -1);
xmlSecAssert2(key != NULL, -1);
ctx = xmlSecOpenSSLHmacGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->hmacDgst != NULL, -1);
xmlSecAssert2(ctx->ctxInitialized == 0, -1);
value = xmlSecKeyGetValue(key);
xmlSecAssert2(xmlSecKeyDataCheckId(value, xmlSecOpenSSLKeyDataHmacId), -1);
buffer = xmlSecKeyDataBinaryValueGetBuffer(value);
xmlSecAssert2(buffer != NULL, -1);
if(xmlSecBufferGetSize(buffer) == 0) {
xmlSecErr_a_ignorar5(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE,
"keySize=0");
return(-1);
}
xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1);
HMAC_Init(&(ctx->hmacCtx),
xmlSecBufferGetData(buffer),
xmlSecBufferGetSize(buffer),
ctx->hmacDgst);
ctx->ctxInitialized = 1;
return(0);
}
static int
xmlSecMSCryptoKWDes3SetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
xmlSecMSCryptoKWDes3CtxPtr ctx;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformKWDes3Id), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoKWDes3Size), -1);
xmlSecAssert2(keyReq != NULL, -1);
ctx = xmlSecMSCryptoKWDes3GetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
keyReq->keyId = xmlSecMSCryptoKeyDataDesId;
keyReq->keyType = xmlSecKeyDataTypeSymmetric;
if(transform->operation == xmlSecTransformOperationEncrypt) {
keyReq->keyUsage= xmlSecKeyUsageEncrypt;
} else {
keyReq->keyUsage= xmlSecKeyUsageDecrypt;
}
keyReq->keyBitsSize = 8 * XMLSEC_KW_DES3_KEY_LENGTH;
return(0);
}
static int
xmlSecOpenSSLRsaOaepSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) {
xmlSecOpenSSLRsaOaepCtxPtr ctx;
EVP_PKEY* pKey;
xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaOaepId), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLRsaOaepSize), -1);
xmlSecAssert2(key != NULL, -1);
xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecOpenSSLKeyDataRsaId), -1);
ctx = xmlSecOpenSSLRsaOaepGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->pKey == NULL, -1);
pKey = xmlSecOpenSSLKeyDataRsaGetEvp(xmlSecKeyGetValue(key));
if(pKey == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecOpenSSLKeyDataRsaGetEvp",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
xmlSecAssert2(pKey->type == EVP_PKEY_RSA, -1);
xmlSecAssert2(pKey->pkey.rsa != NULL, -1);
ctx->pKey = xmlSecOpenSSLEvpKeyDup(pKey);
if(ctx->pKey == NULL) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
"xmlSecOpenSSLEvpKeyDup",
XMLSEC_ERRORS_R_XMLSEC_FAILED,
XMLSEC_ERRORS_NO_MESSAGE);
return(-1);
}
return(0);
}
static int xmlSecMSCngSignatureSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) {
xmlSecMSCngSignatureCtxPtr ctx;
xmlSecAssert2(xmlSecMSCngSignatureCheckId(transform), -1);
xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1);
xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCngSignatureSize), -1);
xmlSecAssert2(keyReq != NULL, -1);
ctx = xmlSecMSCngSignatureGetCtx(transform);
xmlSecAssert2(ctx != NULL, -1);
xmlSecAssert2(ctx->keyId != NULL, -1);
keyReq->keyId = ctx->keyId;
if(transform->operation == xmlSecTransformOperationSign) {
keyReq->keyType = xmlSecKeyDataTypePrivate;
keyReq->keyUsage = xmlSecKeyUsageSign;
} else {
keyReq->keyType = xmlSecKeyDataTypePublic;
keyReq->keyUsage = xmlSecKeyUsageVerify;
}
return(0);
}
